(57) Abstract: 

PROBLEM TO BE SOLVED: To provide the use of a service only to a user who has a legitimate right, while minimizing the burden on the user and the service provider. 
SOLUTION: When a plug-in 38 of an internet browser 31 is started, a verification program 15 in the plug-in 38 starts, communicates with a program 32 for certification and performs user authentication. A certification data generation program A36 of the program 32 cooperates with a certification data generation program B37 in a token 33, performs a calculation based on user inherent information 16 and an access ticket 13, and communicates with the program 15 in the plug-in 38 based on the result of that calculation. As a result of the communication, authentication by the program 15 succeeds only when the three items, the user inherent information, the access ticket and the enciphered contents, correctly correspond with one another. 
* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer, so the translation may not reflect the original precisely. 

2. **** shows a word which could not be translated. 
3. In the drawings, no words are translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] Service provision equipment which provides a service only to a user who has a legitimate right, characterized by having: a 1st storage means which memorizes data for authentication; a 2nd storage means which memorizes the user's proper information; a 3rd storage means which memorizes auxiliary information for certification, which is the result of performing a predetermined computation on said user's proper information and on the description information for access rating authentication; and a certification data generation means which performs a predetermined computation on the data for authentication held in said 1st storage means, said user's proper information memorized in said 2nd storage means, and said auxiliary information for certification memorized in said 3rd storage means, and generates certification data; and by offering the service using the certification data generated by said certification data generation means. 
[Claim 2] Service provision equipment which provides a service only to a user who has a legitimate right, characterized by having: a 1st storage means which memorizes data for authentication; a 2nd storage means which memorizes the user's proper information; a 3rd storage means which memorizes auxiliary information for certification, which is the result of performing a predetermined computation on said user's proper information and on the description information for access rating authentication; a certification data generation means which performs a predetermined computation on the data for authentication held in said 1st storage means, said user's proper information memorized in said 2nd storage means, and said auxiliary information for certification memorized in said 3rd storage means, and generates certification data; and a certification data verification means which verifies that the certification data generated by said certification data generation means were generated based on the description information for said access rating authentication; and by offering the service only when verification by said certification data verification means succeeds. 
[Claim 3] Service provision equipment according to claim 2, further having an input means for inputting information whose use is restricted, and characterized by canceling the restriction on use of said information and enabling use of the information only when verification by said certification data verification means succeeds. 

[Claim 4] Service provision equipment according to claim 2 or 3, characterized in that the description information for said access rating authentication is a decode key of an encryption function, said data for authentication are suitable data enciphered using the encryption key corresponding to said decode key, and said certification data verification means judges that verification has succeeded when the certification data generated by said certification data generation means correctly decode said data for authentication. 

[Claim 5] Service provision equipment according to claim 2 or 3, characterized in that the description information for said access rating authentication is an encryption key of an encryption function, and said certification data verification means judges that verification has succeeded when the certification data generated by said certification data generation means correctly encipher said data for authentication. 
[Claim 6] Service provision equipment according to claim 2 or 3, characterized in that the description information for said access rating authentication is a signature key of a digital signature function, and said certification data verification means judges that verification has succeeded when it is verified that the certification data generated by said certification data generation means are a digital signature correctly generated on said data for authentication using said signature key. 
[Claim 7] Service provision equipment according to any of claims 2 to 6, characterized in that the information whose use is restricted is information at least part of which is enciphered, and in that said enciphered information is decoded and use of the information is enabled only when verification by said certification data verification means succeeds. 

[Claim 8] Service provision equipment according to claim 1 or 2, further having an input means for inputting enciphered information, characterized in that the description information for said access rating authentication is a 1st decode key of an encryption function; said data for authentication are a 2nd decode key, which decodes said enciphered information, enciphered using the encryption key corresponding to said 1st decode key; the certification data generated by said certification data generation means are said 2nd decode key; and said enciphered information is decoded using said 2nd decode key and the service corresponding to said information is offered. 

[Claim 9] Service provision equipment according to claim 4, 5, or 8, characterized in that said encryption function is an asymmetric key encryption function and the description information for said access rating authentication is one key of the key pair. 
[Claim 10] Service provision equipment according to claim 4, 5, or 8, characterized in that said encryption function is a public key encryption function and the description information for said access rating authentication is a private key. 

[Claim 11] Service provision equipment according to claim 4, 5, or 8, characterized in that said encryption function is a symmetric key encryption function and the description information for said access rating authentication is a shared secret key. 

[Claim 12] Service provision equipment having access rating authentication equipment in which certification data generation equipment and certification data verification equipment are provided, said certification data generation equipment and said certification data verification equipment communicate with each other, and a user's access rating is attested, wherein: said certification data generation equipment has a 1st storage means which memorizes data for authentication, a 2nd storage means which memorizes the user's proper information, a 3rd storage means which memorizes auxiliary information for certification, which is the result of performing a predetermined computation on said user's proper information and on the description information for access rating authentication, and a certification data generation means which performs a predetermined computation on said data for authentication held in said 1st storage means, said user's proper information held in said 2nd storage means, and said auxiliary information for certification held in said 3rd storage means, and generates certification data; said certification data verification equipment has a 4th storage means which memorizes the data for authentication, a 5th storage means which memorizes certification data, and a certification data verification means which verifies that said certification data generated by said certification data generation means were generated based on the description information for said access rating authentication; said certification data verification equipment writes the data for authentication memorized in said 4th storage means out to said 1st storage means of said certification data generation equipment; said certification data generation equipment writes the certification data generated by said certification data generation means based on said data for authentication written in said 1st storage means out to said 5th storage means of said certification data verification equipment; and the equipment is characterized in that said certification data verification equipment attests the user's access rating using said certification data written in said 5th storage means. 
[Claim 13] Service provision equipment according to claim 12, characterized in that the description information for said access rating authentication is the decode key of an encryption function; said certification data verification equipment has a random-number generation means, a 6th storage means which memorizes the generated random number, and a 7th storage means which memorizes the ** data for authentication; said random-number generation means writes the generated random number in said 6th storage means and, after applying a random-number effect using said random number to said ** data for authentication memorized in said 7th storage means, writes the result in said 4th storage means as said data for authentication; and said certification data verification means verifies that the result of removing the random-number effect, using said random number memorized in said 6th storage means, from said certification data written in said 5th storage means by said certification data generation equipment is the decoding of said ** data for authentication memorized in said 7th storage means with the decode key which is the description information for said access rating authentication. 

[Claim 14] Service provision equipment according to claim 12, characterized in that the description information for said access rating authentication is the encryption key of an encryption function; said certification data verification equipment is equipped with a random-number generation means, and said random-number generation means writes the generated random number in said 4th storage means as said data for authentication; and said certification data verification means verifies that decoding said certification data written in said 5th storage means by said certification data generation equipment yields said random number. 

[Claim 15] Service provision equipment according to claim 12, characterized in that the description information for said access rating authentication is the signature key of a digital signature function; said certification data verification equipment is equipped with a random-number generation means, and said random-number generation means writes the generated random number in said 4th storage means as the data for authentication; and said certification data verification means verifies that said certification data written in said 5th storage means by said certification data generation equipment are a digital signature, made with the signature key which is the description information for said access rating authentication, on the data for authentication which are said random number. 

[Claim 16] Service provision equipment according to any of claims 1 to 15, characterized in that at least said 2nd storage means and said certification data generation means are held in a defense means which prevents internal data and processing procedures from being observed from the outside. 
[Claim 17] Service provision equipment according to any of claims 1 to 15, characterized in that at least said 2nd storage means and said certification data generation means are constituted as a small portable arithmetic unit such as an IC card. 

[Claim 18] Service provision equipment according to any of claims 1 to 15, characterized in that at least said certification data verification means is held in a defense means which prevents internal data and processing procedures from being observed from the outside. 

[Claim 19] Service provision equipment according to any of claims 1 to 15, characterized in that at least said certification data verification means is constituted as a small portable arithmetic unit such as an IC card. 
[Claim 20] Service provision equipment according to any of claims 1 to 19, characterized in that the information inputted from said input means is multimedia information such as an image, an animation, voice, and music, or said multimedia information in enciphered form, and said service reproduces said inputted information. 
[Claim 21] Service provision equipment according to any of claims 1 to 20, further having an 8th storage means which memorizes use control information which controls generation of said certification data, characterized in that said auxiliary information for certification held in said 3rd storage means is the result of performing a predetermined computation on said user's proper information, the description information for said access rating authentication, and said use control information; and said certification data generation means performs a predetermined computation on the data for authentication held in said 1st storage means, said user's proper information memorized in said 2nd storage means, said auxiliary information for certification memorized in said 3rd storage means, and said use control information memorized in said 8th storage means, and generates certification data. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to service provision equipment which can selectively provide a service only to a user who has a legitimate right, and to its method. 

[0002] 

[Description of the Prior Art] With the development of networks in recent years, the time has come in which various kinds of information are digitized and circulate over a network. Digitized information includes text, still pictures, animation, voice, programs, etc., and we can receive various services which combine these on the network. However, the ease of copying, which is the major characteristic of digital information, has until now been a factor hindering the circulation of digital information over networks. Since copying digital information produces an object completely identical to the original, information that has once circulated is used without notice in places the author did not intend, and this causes the problem that it is hard to collect the just countervalue the author should receive. 

[0003] In order to solve this problem, systems have recently appeared which encipher digital information and let it circulate freely, as in CD-SHOWCASE (a trademark or product name) of IBM Japan Corp., and which, when the information is to be used, receive payment and deliver the decode key by telephone line etc. Moreover, an example of a system which charges according to the amount of software use and collects fees is shown in the "software management method" of JP,6-95302,B. An information-use amount measuring device which can measure exactly the amounts of use, such as the information utilization time of all users of information distributed by broadcast, is described in the "amount measuring device of information use" of JP,7-21276,B. According to this, the measuring device receives and accumulates enciphered book information, records as a use history the time and the amount of book information the user decoded and displayed, and collects a fee on that basis. 
[0004] Various cryptographic techniques and program execution control techniques are known as prior art for realizing the aforementioned systems. 

[0005] A program execution control technique embeds a routine for a user's access rating authentication into the application program. This routine checks whether the user attempting to execute the application holds the proper authentication key, continues the program when the existence of the authentication key is confirmed, and otherwise stops program execution. By using this technique, execution of the application can be restricted to only the proper user who holds an authentication key. This technique is in practical use in the software **** business; products include, for example, Sentinel SuperPro (trademark) of Rainbow Technologies Inc. and HASP (trademark) of Aladdin Knowledge Systems Ltd. 

[0006] A program execution control technique is explained in more detail below. 

** The user who executes the software holds an authentication key as user proper information. An authentication key is a key for encryption, and those who permit the use of the software, for example a software vendor, distribute it to the user. In order to prevent duplication, the authentication key is strictly enclosed in memory inside hardware, and it is delivered to the user by a physical means such as post. 
** The user equips his own personal computer or workstation with the hardware containing the user's authentication key, by the specified method. The hardware is attached to a printer port etc. 
** When the user starts the application program and execution reaches said access rating authentication routine, the program communicates with the hardware containing the user's authentication key. If the program identifies the authentication key and the existence of the right authentication key is confirmed from the result of the communication, execution proceeds to the next step. When the communication fails and the existence of the authentication key is not confirmed, the program stops itself and can prevent subsequent execution. 

[0007] Identification of the authentication key by the access rating authentication routine is performed, for example, by the following protocol. 

** The access rating authentication routine generates a suitable number and transmits it to the hardware with the built-in key. 

** The hardware with the built-in key enciphers the transmitted number using the built-in authentication key and returns the result to said access rating authentication routine. 

** The authentication routine judges whether the returned number is the number obtained by enciphering the number expected beforehand, i.e., the number transmitted to the hardware, with the right authentication key. 

** If the returned number agrees with the expected number, program execution continues; if it does not agree, the program stops. 
[0008] The communication between the application program and the hardware with the built-in authentication key must differ at every execution, even when it is exchanged between the same application program and the same hardware at the same point in the program. Otherwise, a user who does not hold the right authentication key could execute the program by recording the contents of the communication during one normal execution and then replaying the recorded contents to the application program whenever the program is executed afterward. Such an attack is called a replay attack. 

[0009] In order to prevent a replay attack, the number sent to the hardware with the built-in key is usually a random number newly generated at every communication. 

[0010] [Trouble of the conventional technique] The trouble of the conventional technique originates in the property that, when creating an application program, the programmer must assume beforehand the authentication key the user has and perform the protection processing of the program based on that authentication key. 

[0011] That is, the implementer of the program has to create the program so that the right reply from the hardware with the built-in key is fixed beforehand at programming time and the program executes normally only when that right reply is received. 

[0012] The usage forms of the conventional technique with the aforementioned characteristics fundamentally fall into the two kinds described below, and each has the following problem. 

[0013] ** In the 1st approach, a user's authentication key is prepared so that it differs for every user. That is, a different authentication key is prepared for each user, such as authentication **** for the first user and authentication **** for the second user. In this case, the authentication routine in the program must be created so that it can attest the authentication key proper to the user using the program, and the programmer needs to create as many program variants as there are users, differing only in that key. 

[0014] When the target users are numerous, the work of customizing the program for every user (individualization) requires an intolerable effort from the programmer, and also results in a huge list of user authentication keys which must be managed. 

[0015] ** In the 2nd approach, the implementer of the program prepares a different authentication key for every application. That is, a different authentication key is prepared for each application, such as authentication **** for the first application and authentication **** for the second application, and each application program is created so that it identifies its own proper authentication key. 

[0016] Although this approach makes it unnecessary to create a program individually for every user as in the 1st approach, the user conversely must hold as many authentication keys as there are applications to be used. 

[0017] As mentioned above, an authentication key must be distributed to the user strictly enclosed in hardware. Therefore, although the program itself can be distributed simply through a network, distribution of the hardware containing the authentication key cannot but depend on a physical means such as post: whenever a programmer receives a user's consent to use an application, the hardware enclosing the authentication key corresponding to that application must be mailed, and the cost, the time, and the effort of packing all become a very big burden for the programmer. 
[0018] Moreover, the user must put up with the complication that the hardware must be exchanged whenever the application to be used changes. 

[0019] Even when a user wants to use an application, he must wait until the hardware enclosing the authentication key is mailed and arrives, so there is also the problem that the application cannot be used immediately. 

[0020] To mitigate these problems, an approach can be used in which two or more authentication keys are enclosed in the hardware beforehand and, whenever the user is permitted to use a new application, the user is told the password which makes the corresponding authentication key in the hardware available; however, when the authentication keys enclosed beforehand are exhausted, the same problem occurs, so this is not an essential solution. 

[0021] In addition to the above approaches of effective control, the simple method of only enciphering the application and teaching the user the decode key by a safe means is used generally and widely; however, it may be considered hardly a defense, since once the user has decoded the application by this approach he can copy it as he likes and distribute it unjustly. 
[0022] Therefore, when digitized information such as software, music, and movies (henceforth called contents generically) is delivered over a network and a just countervalue is to be obtained, the prior art had the problem that management of contents becomes complicated, or that management of the hardware for authentication imposes a big burden on the user. 
[0023] 

[Problem(s) to be Solved by the Invention] In view of such problems, this invention aims at offering a system which can provide use of a service only to a user who has a legitimate right, or a system which can collect just countervalues according to the use of a service, while keeping the burden on the user and the service provider to a minimum. 
[0024] 

[Means for Solving the Problem] In order to attain the above-mentioned purpose, according to the 1st aspect of this invention, service provision equipment which provides a service only to a user who has a legitimate right is provided with: a 1st storage means which memorizes data for authentication; a 2nd storage means which memorizes a user's proper information; a 3rd storage means which memorizes auxiliary information for certification, which is the result of performing a predetermined computation on said user's proper information and on the description information for access rating authentication; and a certification data generation means which performs a predetermined computation on the data for authentication held in said 1st storage means, said user's proper information memorized in said 2nd storage means, and said auxiliary information for certification memorized in said 3rd storage means, and generates certification data. 

[0025] Moreover, according to the 2nd aspect of this invention, service provision equipment which provides a service only to a user who has a legitimate right is provided with: a 1st storage means which memorizes data for authentication; a 2nd storage means which memorizes a user's proper information; a 3rd storage means which memorizes auxiliary information for certification, which is the result of performing a predetermined computation on said user's proper information and on the description information for access rating authentication; a certification data generation means which performs a predetermined computation on the data for authentication held in said 1st storage means, said user's proper information memorized in said 2nd storage means, and said auxiliary information for certification memorized in said 3rd storage means, and generates certification data; and a certification data verification means which verifies that the certification data generated by said certification data generation means were generated based on the description information for said access rating authentication. 

[0026] According to these configurations, by introducing the auxiliary data for certification (access ticket), the description information for access rating authentication, which is given to the protector side, and the user proper information given to the user side can be made independent of each other. The user possesses user proper information beforehand, and a protector such as a programmer creates an application program using the description information for access rating authentication independently of the user proper information which the user possesses. Then, by creating and distributing an access ticket according to the user's **** information and the description information for access rating authentication used in creating the application program etc., it becomes possible to attest user access ratings, such as for execution control, and only the user who has a legitimate right can be provided with the desired service. Moreover, if a log is taken at certification data generation time, the just countervalue for the service is recoverable. 

[0027] Moreover, in the aforementioned configuration, at least said 2nd storage means and said certification data generation means may be held in a defense means which makes it difficult to observe internal data and processing procedures from the outside. 

[0028] Moreover, in the aforementioned configuration, at least said certification data verification means may be held in a defense means which makes it difficult to observe internal data and processing procedures from the outside. 

[0029] Moreover, the description information for said access rating authentication may be a decode key of an encryption function, said data for authentication may be suitable data enciphered using the encryption key corresponding to said decode key, and said certification data verification means may verify that the certification data generated by said certification data generation means correctly decode said data for authentication. Moreover, the description information for said access rating authentication may be an encryption key of an encryption function, said data for authentication may be suitable data decoded using the decode key corresponding to said encryption key, and said certification data verification means may verify that the certification data generated by said certification data generation means correctly encipher said data for authentication. Moreover, the description information for said access rating authentication may be a signature key of a digital signature function, and it may be verified that the certification data generated by said certification data generation means are the digital signature correctly generated on said data for authentication using said signature key. 
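The following is an added illustration, not the patent's own algorithm or code: it models the challenge-response of [0007]-[0009] together with the access-ticket split of [0026] and the decode-key verification of [0029]. The access-right secret is assumed to be an RSA private exponent d, the user's proper information a secret s kept in the token, and the access ticket t = (d - s) mod phi(n), so that the token's partial result and the ticket reconstruct the decryption without either side holding d; the RSA parameters and all secrets are constructed toy values.

```python
"""Access-ticket challenge-response (constructed illustration).

Roles from the abstract: the verifier plays verification program 15, the
token plays certification data generation program B, and the PC-side
combiner plays certification data generation program A.
"""
import secrets
from typing import Optional, Tuple

# Toy RSA parameters, constructed for illustration only; a real deployment
# would use a 2048-bit or larger modulus.
P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
E_PUB = 65537                 # encryption key embedded in the application
D_PRIV = pow(E_PUB, -1, PHI)  # "description information": the decode key


def issue_ticket(user_secret: int, d: int = D_PRIV, phi: int = PHI) -> int:
    """Protector side: bind the decode key d to one user's secret s.

    The ticket alone says nothing about d, and s alone is useless without
    a ticket for this application, so the two can be distributed
    independently of each other (the point of [0026]).
    """
    return (d - user_secret) % phi


def make_challenge(rng: Optional[int] = None, n: int = N,
                   e: int = E_PUB) -> Tuple[int, int]:
    """Verifier: draw a fresh random number r and send C = r^e mod n as the
    'data for authentication'.  A new r per session defeats the replay
    attack of [0008]-[0009].  rng may be fixed for deterministic tests."""
    r = rng if rng is not None else secrets.randbelow(n - 2) + 2
    return r, pow(r, e, n)


def token_partial(challenge: int, user_secret: int, n: int = N) -> int:
    """Token side: exponentiate with the user's proper information s,
    which never leaves the token (the defense means of [0027])."""
    return pow(challenge, user_secret, n)


def generate_proof(challenge: int, user_secret: int, ticket: int,
                   n: int = N) -> int:
    """PC side: combine the token's partial result with the access ticket.
    Because s + t = d (mod phi), C^s * C^t = C^d = r mod n, i.e. the
    certification data are the correctly decoded data for authentication."""
    return (token_partial(challenge, user_secret, n)
            * pow(challenge, ticket, n)) % n


def verify(expected_r: int, proof: int) -> bool:
    """Verifier: success only when the proof decodes the challenge, which
    requires s, t and the application's key to correspond to one another."""
    return proof == expected_r


def run_session(user_secret: int, ticket: int,
                rng: Optional[int] = None) -> bool:
    """One full authentication exchange; True when the service may be offered."""
    r, challenge = make_challenge(rng)
    return verify(r, generate_proof(challenge, user_secret, ticket))


if __name__ == "__main__":
    s = 0x12345678                      # constructed user secret
    t = issue_ticket(s)
    print("legitimate user:", run_session(s, t))
    print("ticket issued to another user:", run_session(s, issue_ticket(0xCAFE)))
    # Replay: certification data recorded for one challenge are rejected
    # when a new random number is used for the next session.
    r1, c1 = make_challenge()
    stale = generate_proof(c1, s, t)
    r2, _ = make_challenge()
    print("replayed proof:", verify(r2, stale))
```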

[0030] Moreover, the description information for said access rating authentication may be a 1st decode key of an encryption function, and said data for authentication may be a 2nd decode key, which decodes said enciphered information, enciphered using the encryption key corresponding to said 1st decode key; the certification data generated by said certification data generation means are then said 2nd decode key, said enciphered information is decoded using said 2nd decode key, and the service corresponding to said information may be offered. Moreover, said encryption function may be an asymmetric key encryption function, and the description information for access rating authentication may be one key of the key pair. 
[0031] Moreover, said encryption function may be a public-key-encryption-ized function and the 
description information on access rating authentication may be a private key. 
[0032] Moreover, said encryption function may be a symmetry key encryption function, and the 
description information on access rating authentication may be a common private key. 
[0033] Further, the service provision equipment may have access rating authentication equipment in which certification data generation equipment, consisting of the first, second and third storage means and the certification data generation means, and certification data verification equipment, consisting of the certification data verification means together with a fourth storage means that holds the data for authentication and a fifth storage means that holds certification data, attest a user's access rating by communicating with each other. The certification data verification equipment writes the data for authentication held in the fourth storage means into the first storage means of the certification data generation equipment. The certification data generation equipment has its certification data generation means generate certification data from the data for authentication written into the first storage means, and writes those certification data into the fifth storage means of the certification data verification equipment; the certification data verification equipment then attests the user's access rating using the certification data written into the fifth storage means.

[0034] The description information for access rating authentication may be the decryption key of an encryption function. The certification data verification equipment then further has a random number generation means, a sixth storage means that holds the generated random number, and a seventh storage means that holds the underlying data for authentication (the data to which no random number has yet been applied). The random number generation means writes the generated random number into the sixth storage means, applies a random-number blinding derived from that random number to the underlying data for authentication held in the seventh storage means, and writes the result into the fourth storage means as the data for authentication. The certification data verification means removes the blinding from the certification data, which the certification data generation equipment wrote into the fifth storage means, using the random number held in the sixth storage means, and verifies that the result equals what is obtained by decrypting the underlying data for authentication held in the seventh storage means with the decryption key that is the description information on access rating authentication.

[0035] Further, the description information for access rating authentication may be the encryption key of an encryption function. The certification data verification equipment then has a random number generation means, which writes the random number it generates into the fourth storage means as the data for authentication, and the certification data verification means verifies that the certification data written into the fifth storage means by the certification data generation equipment decrypt to that random number.

[0036] Further, the description information for access rating authentication may be the signature key of a digital signature function. The certification data verification equipment then has a random number generation means, which writes the random number it generates into the fourth storage means as the data for authentication, and the certification data verification means verifies that the certification data written into the fifth storage means by the certification data generation equipment are a digital signature, under the signature key that is the description information on access rating authentication, on the data for authentication, that is, on that random number.

[0037]

[Mode of implementation of the invention] The invention is explained in detail below.
[Example 1] The basic configuration of the invention is explained first with reference to Example 1. Drawing 1 shows the overall configuration of Example 1 of the invention. In drawing 1 the service provision system consists of certification data verification equipment 10 and certification data generation equipment 11, and certification data generation equipment 11 receives the access ticket (auxiliary data for certification) 13 from access ticket generation equipment 12. Certification data verification equipment 10 runs the verification routine 15. Certification data generation equipment 11 holds the user proper information 16 and the access ticket 13 and runs the certification data generator 17. At least part of the user proper information 16 and of the certification data generator 17 is protected by tamper-proof equipment 20.

[0038] Access ticket generation equipment 12 generates the access ticket 13 from the description information 14 on access rating authentication and the user's proper information 16. The access ticket 13 is sent to the user over a network, on a storage medium or similar, and is held in the user's certification data generation equipment 11.

[0039] Certification data verification equipment 10 transmits the data 18 for authentication to certification data generation equipment 11. Certification data generation equipment 11 generates the certification data 19 using the access ticket 13 and the user proper information 16 and returns them to certification data verification equipment 10. Certification data verification equipment 10 verifies the validity of the certification data against the data for authentication; that is, it verifies that the certification data were generated from the data for authentication and the description information on access rating authentication.

[0040] If the certification data are verified as valid, the user is attested to have a legitimate right, and the service provision equipment offers the desired service.

[0041] The invention is now explained concretely, using drawing 2 and taking an actual service as the example.

[0042] Example 1 of the invention describes a configuration in which the certification data verification routine 15 and the decode program 35 are combined and incorporated into an Internet browser (such as Netscape Navigator, a trademark of Netscape Communications, Inc., U.S.A.) as a plug-in module. A plug-in module here means a software program that extends the functions of the Internet browser so that a new data type can be supported for the user. When the Internet browser receives from a server information of a data type it does not itself support, it searches for the plug-in associated with that data type, loads it and starts it. In this way a new data type is supported seamlessly, without changing the user's existing system.

[0043] In this example the new data type is the encrypted contents 34. When the Internet browser receives the encrypted contents 34 from a server, it looks at their data type, searches for the plug-in 38 associated with that data type, loads it and starts it. The started plug-in starts the verification routine 15, which sends data for authentication to the program 32 for certification and verifies the certification data returned in reply. When verification by the verification routine 15 succeeds, the encrypted contents 34 are decrypted by the decode program 35 and provided to the user. The decrypted contents may be information such as a hypertext document, an image, an animation or music, or a downloaded program.

[0044] The certification data generation equipment consists of the program 32 for certification and the token 33. The program 32 for certification is a software program containing the access ticket 13 and the certification data generator A 36, and runs on the user's personal computer (PC). The token 33 preferably contains the certification data generator B 37 and the user proper information 16 and is built from hardware (hereafter called tamper-proof hardware) that resists theft of its internal state by probing. The reason is that the user proper information is the equivalent of the password in password authentication: it is the only information that proves the user's identity, and if the user proper information 16 could be read out, copied and distributed, a person without a legitimate right would be able to make unauthorised use of the contents.

[0045] In addition to the user proper information, the user is given the certification data generators A and B, which carry out a predetermined computation. These programs communicate with the verification routine 15 in the plug-in 38; given the user proper information 16 and the access ticket 13, they compute from the data 42 for authentication the certification data 45 that prove the user's identity. The user proper information 16 is used during this computation, and because exposing it outside would cause the problem described above, the certification data generator B 37, the part that uses the user proper information, is stored in the tamper-proof hardware. An IC chip protected by an IC card, a resin mould or the like is simple and easy to apply as tamper-proof hardware. Where the added value of the service offered is very high, equipment of higher security, such as the "encryption equipment, decryption equipment, secret data processor and information processor" of Japanese Patent Application No. 08-284475, may be used instead.

[0046] Several modes of operation of the certification data verification routine 15 are described below.

[0047] 1. The data to be transmitted (the data 42 for authentication) and the expected reply data (the expected value) are embedded in the certification data verification routine 15. The verification routine 15 takes out the transmit data, transmits them to the user and receives the user's reply. It then compares the reply data with the expected value and, if they agree, the encrypted contents 34 are decrypted by the decode program 35 and the contents are provided to the user in usable form.

[0048] 2. As in mode 1, the data to be transmitted and the expected reply data (the expected value) are embedded in the certification data verification routine 15, which takes out the transmit data, transmits them to the user and receives the user's reply. It then applies a one-way function to the reply data, compares the result with the expected value and, if they agree, the encrypted contents 34 are decrypted by the decode program 35 and the contents are provided to the user in usable form.

[0049] In modes 1 and 2 above, when the reply data are the result of encrypting the transmit data under a predetermined encryption algorithm, the description information on access rating authentication serves as the encryption key; when the reply data are a digital signature on the transmit data under a predetermined signature algorithm, the description information on access rating authentication serves as the signature key.

[0050] 3. The data to be transmitted are embedded in the certification data verification routine 15. The verification routine 15 takes out the transmit data, transmits them to the user and receives the user's reply. It then decrypts the encrypted contents 34 with the decode program 35 using the reply data as the decryption key, and the contents are provided to the user in usable form.

[0051] 4. The data to be transmitted are embedded in the certification data verification routine 15. The verification routine 15 takes out the transmit data, applies a random-number blinding to them, transmits the result to the user and receives the user's reply. It then removes the blinding from the reply data, decrypts the encrypted contents 34 with the decode program 35 using the result as the decryption key, and the contents are provided to the user in usable form.

[0052] 5. The certification data verification routine 15 receives the transmit data corresponding to the encrypted contents; the transmit data may be embedded in the encrypted contents. The verification routine 15 transmits the received transmit data to the user and receives the user's reply. It then decrypts the encrypted contents 34 with the decode program 35 using the reply data as the decryption key, and the contents are provided to the user in usable form.
[0053] 6. The certification data verification routine 15 receives the transmit data corresponding to the encrypted contents; the transmit data may be embedded in the encrypted contents. The verification routine 15 applies a random-number blinding to the received transmit data, transmits the result to the user and receives the user's reply. It then removes the blinding from the reply data, decrypts the encrypted contents 34 with the decode program 35 using the result as the decryption key, and the contents are provided to the user in usable form.

[0054] In modes 3 to 6 above, the encrypted contents 34 are decrypted correctly, and so become usable by the user, only when the correct decryption key is obtained from the reply data. The description information on access rating authentication in this case serves as the decryption key that decrypts the encrypted decryption key.

[0055] In the execution control technique described in the conventional example, the user proper information (the user's authentication key) is identical to the description information on access rating authentication: the conventional certification data generation routine computes the reply data from the description information on access rating authentication and the data transmitted from the certification data verification routine.

[0056] In the present invention, by contrast, the user proper information 16 and the description information 14 on access rating authentication are mutually independent. Besides the user proper information 16 and the data 42 transmitted from the certification data verification routine 15, the certification data generators A and B take the access ticket 13 as an input when computing the reply data (certification data) 45. This configuration has the following properties.

[0057] 1. The access ticket 13 is data computed from the specific user proper information 16 and the description information 14 on access rating authentication.

2. Without knowledge of the user proper information 16, it is at least computationally infeasible to derive the description information 14 on access rating authentication from the access ticket 13.

3. The certification data generators A and B compute correct reply data only when the correct combination of user proper information 16 and access ticket 13 is input, that is, only when the user proper information 16 and the access ticket 13 correspond to each other.

[0058] As a result, a user can possess the user proper information 16 in advance, a contents provider can encrypt contents independently of the user proper information 16 that the user possesses, and use of the independently encrypted contents can be granted only to a user with a legitimate right, by creating the access ticket 13 from that user's proper information 16 and the description information on access rating authentication.
[0059] The proper information may also consist of two pieces, so that the user proper information 16 used when the access ticket 13 is created is distinguished from the proper information the user uses in the communication program. The most typical example is to make the user proper information 16 a public key pair: the public key is open proper information used for access ticket creation, and the private key is enclosed in the token 33 as the user's secret proper information. In this case, if the access ticket 13 can be computed from the description information 14 on access rating authentication and the public key of the pair, the access ticket 13 can be computed while the private key, which is the user proper information 16, stays secret.

[0060] A more concrete configuration is now explained as an example. In drawing 2, the Internet browser 31, the plug-in 38 and the program 32 for certification can be realised as software programs on the computer 30 (PC or workstation) that the user uses. The token 33 may likewise be realised as a software program, but to raise the security of the proper information that identifies the user (the user proper information) it is preferable to use a token 33 with tamper-proof properties (an IC card, a PC card, a board or the like) connected to this computer 30. If portable hardware such as an IC card is used, this is also convenient when the user works on two or more PCs or workstations.

[0061] The encrypted contents 34 used by the Internet browser 31 are supplied to the user over a network or on storage media such as CD-ROM, DVD or floppy disk.

[0062] When the user requests use of encrypted contents from the Internet browser, the browser looks at the data type of the encrypted contents, searches for the plug-in associated with that data type, loads it and starts it.

[0063] When the plug-in starts, the verification program in the plug-in starts, communicates with the program 32 for certification and performs user authentication; the contents are decrypted only when the communication completes correctly.
[0064] To use the encrypted contents 34, the user must obtain the access ticket (auxiliary information for certification) issued to that user. When the user proper information is enclosed in an IC card, for example, the user inserts the IC card into the PC or workstation and registers the acquired access ticket with the program 32 for certification installed on that PC or workstation.

[0065] Certification data generator A, working together with certification data generator B, computes from the user proper information 16 and the access ticket 13, and communicates with the verification program 15 in the plug-in on the basis of that computation.

[0066] As a result of the communication, authentication by the verification program 15 succeeds only when the three of them, the user proper information, the access ticket and the encrypted contents, correspond to one another. Authentication fails if either the user proper information or the access ticket is missing.

[0067] An access ticket is issued to a specific user; that is, a specific user's proper information is used when the access ticket is generated. When the user proper information used at access ticket generation time and the user proper information used by the certification data generator do not agree, authentication fails.

[0068] Further, an access ticket is generated from specific description information on access rating authentication, and the verification program 15 is built to attest that description information. Therefore authentication also fails when the description information used as the basis for generating the access ticket and the description information that the verification program 15 attests do not correspond to each other.

[0069] Because it is sufficiently secure in itself, an access ticket can be delivered over a network. The security of an access ticket rests on the following two properties.

[0070] 1. An access ticket is registered to a particular user: only the user to whom it was issued (the holder of the user proper information that was used when it was generated) can operate the certification data generation equipment correctly with it. Therefore, even if a malicious party intercepts the network and obtains another user's access ticket, that party cannot use the ticket unless they also obtain the legitimate user proper information for which it was issued.

[0071] 2. An access ticket is stronger still: even if a malicious party collects an arbitrary number of access tickets and analyses them in any way, it is infeasible to forge another access ticket from the information obtained, or to build equipment that imitates the operation of the certification data generation equipment and passes authentication.

[0072] In Example 1 the access ticket t is data generated according to the following formula 1.

[0073]

[Equation 1]

(1) $t = D - e + \omega\,\phi(n)$

All quantities in this formula are integers and denote the following. n is an RSA (Rivest-Shamir-Adleman) modulus, the product of two sufficiently large primes p and q (n = pq). φ(n) is Euler's totient of n, the product of p-1 and q-1 (φ(n) = (p-1)(q-1)). e denotes the user proper information; it is a different number for each user and is used to identify the user. D is the access ticket private key, that is, the description information on access rating authentication; it is an RSA private key under the modulus n and satisfies formula 2.

[0074]

[Equation 2] (2) $\gcd(D, \phi(n)) = 1$

Here gcd(x, y) denotes the greatest common divisor of x and y. The property expressed by formula (2) guarantees that a number E satisfying formula 3 exists.
[0075]

[Equation 3] (3) $E D \bmod \phi(n) = 1$

E is called the access ticket public key.

[0076] ω is a number determined by n and e; it is defined so that it is easy to compute from n and e and so that its value differs whenever n or e differs (it does not collide). One way of determining ω is to define it as in formula 4 using a one-way hash function h.
[0077]

[Equation 4] (4) $\omega = h(n \,|\, e)$

Here the notation | denotes concatenation of bit strings.

[0078] A one-way hash function is a function for which, given x, it is very difficult to compute a y different from x that satisfies h(x) = h(y). Known examples of one-way hash functions are MD2, MD4 and MD5 of RSA Data Security, Inc. and SHS (Secure Hash Standard), the specification of the U.S. federal government.

[0079] Of the quantities that appeared in the above explanation, t, E and n can be published, while D, e, ω, p, q and φ(n) must be kept secret from everyone except those who have the right to create tickets.

[0080] Drawing 3 is a schematic diagram of the computer (PC or workstation) that the user uses. In drawing 3 a card reader 39 is connected to the computer 30 that the user uses, and the user inserts the token 33 into the card reader 39. The Internet browser 31, the plug-in and the program for certification are realised as software programs on the computer 30, and the access ticket is also stored in the storage region of the computer 30. Suppose the contents to be used are an image of a yacht: when a user with a valid token and a valid access ticket has the encrypted contents read into the Internet browser 31, the plug-in displays the image of the yacht in the Internet browser 31, as shown in drawing 3.

[0081] Example 1 is now explained in more detail with reference to drawing 4, which shows a concrete configuration of Example 1 of the invention. Compared with drawing 2, the part corresponding to the verification routine 15 consists of the access ticket public key storage section 51, the authentication data storage section 52, the random number generation section 53, the random number storage section 54, the transmit data (challenge) computation section 55, the data separation section 56, the certification data receive section 57, the random-number blinding removal section 58 and the verification section 59, and the decode program 35 corresponds to the decode/display section 61. Although the verification routine and the decode program are shown as separate in this example, the decode program may be merged into the verification routine if desired. The program 32 for certification consists of the authentication data receive section 71, the access ticket storage section 72, the first operation part 73 and the certification data generation section 76, and the token 33 consists of the user proper information storage section 74 and the second operation part 75.
[0082] The operation is explained next. All variables in the following explanation are integers.
[0083] [Step 1]: When the user requests use of encrypted contents from the Internet browser, the browser looks at the data type of the encrypted contents, searches for the plug-in associated with that data type, loads it and starts it. When the corresponding plug-in starts, the verification routine 15 in the plug-in starts. The contents here are what the user uses through the Internet browser, for example the display information of a home page (an image, an animation, a hypertext document and so on) or a program such as a Java applet.

[0084] [Step 2]: The verification routine 15 of the plug-in extracts the access ticket public key (E, n) and the authentication data KE from the encrypted contents in the data separation section and stores them in the access ticket public key storage section 51 and the authentication data storage section 52 respectively. Here the access ticket public key and the authentication data have been described as being distributed together with the encrypted contents. They may accompany the encrypted contents or be obtained separately over a network; for security it is preferable that they accompany the encrypted contents, and more preferable still that the authentication data are embedded so that the user cannot make them out. For example, the authentication data may be encrypted and embedded in the contents, then extracted and decrypted with a decryption key given to the plug-in.

[0085] [Step 3]: Next, the verification routine 15 generates a random number r in the random number generation section 53, stores it in the random number storage section 54, and computes the transmit data (challenge) C according to formula 5 from the access ticket public key (E, n), the authentication data KE and the random number r.
[0086]

[Equation 5] (5) $C = r^{E} K_E \bmod n$

The challenge C and the modulus n of the access ticket public key (the RSA modulus) are transmitted to the certification data generation side. Because the random number r is contained in the value of C, C takes a different value on every communication, which has the effect of preventing replay attacks.
[0087] [Step 4]: In the program for certification, the challenge C and the RSA modulus n sent from the verification routine are received in the authentication data receive section, and the certification data (response) R are generated as follows. First, in the first operation part, the access ticket t corresponding to the RSA modulus n is retrieved from the access ticket storage section 72 using n as the lookup key, and formula 6 is computed under the modulus n to obtain the intermediate information R'.
[0088]

[Equation 6] (6) $R' = C^{t} \bmod n$

[Step 5]: The second operation part 75 retrieves the user proper information e held in the user proper information storage section 74 and computes formula 7 to obtain the difference information S.
[0089]

[Equation 7] (7) $S = C^{e} \bmod n$

[Step 6]: The certification data generation section 76 receives the intermediate information R' from the first operation part 73 and the difference information S from the second operation part 75, computes formula 8 and obtains the certification data R.
[0090]

[Equation 8] (8) $R = R' S \bmod n$

The certification data R are transmitted to the verification routine.

[0091] [Step 7]: The random-number blinding removal section 58 of the verification routine 15 takes the certification data R received in the certification data receive section 57, computes formula 9 with the random number r held in the random number storage section 54, and obtains K'.

[0092]

[Equation 9] (9) $K' = R\, r^{-1} \bmod n$

[Step 8]: The verification section 59 verifies that the K' computed in the random-number blinding removal section 58 was generated from D, the description information on access rating authentication. If K' was indeed generated from D, then K' = K must hold. Whether this holds can be judged either by decrypting data encrypted under K with K' and checking that they decrypt correctly, or by giving K redundancy, for example a specific value in a specific part of it, and checking that K' has that value. A method such as the international standard ISO 9796 can be used for the latter approach. The explanation continues on the assumption that the latter approach is used for verification.

[0093] [Step 9]: If the verification section 59 judges the verification to be correct, the verification routine passes the decryption key K' to the decode/display section 61.

[0094] [Step 10]: The decode/display section 61 receives the decryption key K' from the verification section 59 and the encrypted contents separated in the data separation section 56, decrypts the contents and displays them. Passing the decrypted contents to the Internet browser and having the browser display them is also possible, but since the browser might then copy the decrypted information, it is more desirable for security that the plug-in display them directly in the region that the Internet browser has assigned to it.

[0095] Thus a user who holds a legitimate right can use the enciphered contents through the Internet browser. The decrypted contents exist only in temporary memory at this time, and unjust use of them can be prevented by erasing them once the user has finished.

[0096] In this example the enciphered contents were explained as being distributed together with the access ticket public key (E, n) and the authentication data KE. An example of the configuration of these enciphered contents is shown in drawing 5. As shown in drawing 5, the enciphered contents consist of the enciphered contents body, the access ticket public key (E, n) and the authentication data KE. The data separation section of the verification routine reads these and divides them into their parts.

[0097] The contents body is enciphered with the key K. After verification has completed correctly using the authentication data KE, the key K can be recovered through the random-number effectiveness removal section, and the contents body can be decrypted with this key K.

[0098] To raise safety further, it is desirable to embed the authentication data KE so that a user cannot easily separate it out. One way of implementing this is shown in drawing 6. In drawing 6 the enciphered contents again consist of the enciphered contents body, the access ticket public key (E, n) and the authentication data KE as in drawing 5, but not only the contents body but also the authentication data KE is enciphered further. Drawing 6 shows the authentication data KE enciphered with a key Kp.

[0099] The data separation section of the verification routine holds the decode key Kp corresponding to this cryptographic key Kp (the example uses a common-key cryptosystem). It separates the whole input contents into the enciphered contents body, the access ticket public key (E, n) and the enciphered authentication data, decrypts the enciphered authentication data with the decode key Kp it holds, and takes out the authentication data KE. Then, after verifying with this authentication data KE and completing verification correctly, the key K can be recovered through the random-number effectiveness removal section, and the contents body can be decrypted with this key K.

[0100] Because a common-key cryptosystem was used here to encipher the contents body and the authentication data, encryption and decryption were shown using the same key (K and Kp respectively). It is also possible to use a public-key cryptosystem such as RSA for this part.

[0101] The simplest configuration of contents is shown in drawing 7. In this example the contents consist only of a contents body, and no encryption or other processing is applied to it. Even so, only a specific plug-in can offer service using these contents: the verification routine in the plug-in performs the same processing as described above, and only when the verification section judges the result legitimate does the plug-in use the contents and offer service.

[0102] Below, several configuration examples of the processing in the verification section of the verification routine of Example 1 are described with reference to drawings 8 to 11. Drawings 8 to 11 mainly show the configuration of the verification section 59 in the verification routine. The verification section 59 is shown as having a comparator 591 and an expected-value storage section 592 in order to clarify the differences between the configuration examples, but the expected-value storage section 592 and the like may also be placed outside the verification section 59.

[0103] (1) Configuration example 1 of the verification section 59 is shown in drawing 8. In this configuration the verification section 59 has an expected-value storage section 592 and a comparator 591, and the expected value A expected as certification data is stored in the expected-value storage section 592. The input to the verification section 59 is the certification data received from the certification program, or, when random-number effectiveness was applied at authentication-data generation time, the certification data with the random-number effectiveness removed. The comparator 591 compares the inputted certification data A' with the expected value A stored in the expected-value storage section 592. When the comparison judges them legitimate, display data for a legitimate judgment are delivered to the display (decode/display 61) and displayed.

[0104] In this configuration the expected value A stored in the expected-value storage section 592 is difficult, but not impossible, to steal by program analysis and the like. If the expected value A is stolen, and the random number used to give the random-number effectiveness can be predicted, it becomes possible to build equipment that imitates the operation of a certification program, and unlawful access by spoofing is achieved. To prevent this, a one-way function h(), which is hard to invert, can be used: instead of A, the value h(A) obtained by applying h() to A is stored in the expected-value storage section 592, and the comparison is made against h(A'), the result of applying h() to the certification data A' inputted into the verification section 59. Since it is extremely difficult to compute A from h(A), the above spoofing is prevented even if the stored expected value h(A) should be stolen.
[0105] (2) Configuration example 2 of the verification section 59 is shown in drawing 9. In this configuration the verification section 59 has an expected-value storage section 592, a comparator 591 and a decode key storage section 593, and the expected value A expected as certification data is stored in the expected-value storage section 592. The input to the verification section 59 is, as above, either the certification data received from the certification program or the certification data with the random-number effectiveness removed. The comparator compares the inputted certification data A' with the expected value A stored in the expected-value storage section 592. When the comparison judges them legitimate, the decode key K from the decode key storage section 593 is delivered to decode/display 61, which decrypts the enciphered data with this decode key K and displays the data.

[0106] The one-way function h() can be used here as well, as in configuration example 1.

[0107] (3) Configuration example 3 of the verification section 59 is shown in drawing 10. In this configuration, as in configuration example 1, the verification section 59 has an expected-value storage section 592 and a comparator 591, but it stores the decode key K itself as the expected value in the expected-value storage section 592. As in configuration example 1, the comparator 591 compares the inputted certification data K' with the expected value K stored in the expected-value storage section 592. When the comparison judges them legitimate, the decode key K' is delivered to decode/display 61, which decrypts the enciphered data with this decode key and displays the data.

[0108] (4) Configuration example 4 of the verification section 59 is shown in drawing 11. In this configuration the verification section 59 has a redundancy inspection section 594. The input to the verification section 59 is, as above, either the certification data received from the certification program or the certification data with the random-number effectiveness removed. The inputted certification data K' is inspected in the redundancy inspection section 594. In this approach redundancy is given to K beforehand, as mentioned above, and the inspection checks whether K' has that redundancy; a method such as the international standard ISO 9796 can be used. If the redundancy inspection section 594 passes the check, it delivers the decode key K' to decode/display 61, which decrypts the enciphered data with this decode key and displays the data.
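The checks of configuration examples (1), (2) and (4) written out as an added Python example; this is not code from the patent. Configuration (3) is the same comparator with K as the expected value, so it is covered by the same class. Assumptions: SHA-256 stands in for the one-way function h(); because the text only names ISO 9796, the redundancy format is a constructed stand-in (key material followed by a 4-byte truncated hash of it) rather than the ISO 9796 encoding; the "stolen store" scenario feeds the stolen value directly to the verification section, which models an attacker who can also predict the random number as [0104] requires; class and function names are the example's own.

```python
import hashlib
import hmac

TAG_LEN = 4   # bytes of redundancy appended to the key material (constructed format, not ISO 9796)


def h(value: int) -> bytes:
    """One-way function h(): SHA-256 over the big-endian encoding of an integer (assumption)."""
    return hashlib.sha256(value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")).digest()


class ExpectedValueVerifier:
    """Configuration examples (1)/(2), hardened as in [0104]: the expected-value storage
    section 592 keeps h(A) instead of A, and the comparator 591 compares h(A') against it."""

    def __init__(self, expected_a: int):
        self._stored = h(expected_a)          # h(A); A itself is never present in the plug-in

    def verify(self, a_prime: int) -> bool:
        # constant-time compare so the comparator does not leak how many bytes matched
        return hmac.compare_digest(self._stored, h(a_prime))


class PlainExpectedValueVerifier:
    """The weak form of configuration example (1): A stored directly. Anyone who reads
    `_stored` out of the program holds exactly the value a spoofed certification program must produce."""

    def __init__(self, expected_a: int):
        self._stored = expected_a

    def verify(self, a_prime: int) -> bool:
        return a_prime == self._stored


def add_redundancy(key_material: int) -> int:
    """Content producer side: give K redundancy before it is enciphered into KE
    (K = material || h(material)[:TAG_LEN], a stand-in for an ISO 9796-style format)."""
    tag = int.from_bytes(h(key_material)[:TAG_LEN], "big")
    return (key_material << (8 * TAG_LEN)) | tag


def check_redundancy(k_prime: int):
    """Configuration example (4): the redundancy inspection section 594. Returns the key
    material to hand to decode/display 61 if K' carries the expected redundancy, else None."""
    tag = (k_prime & ((1 << (8 * TAG_LEN)) - 1)).to_bytes(TAG_LEN, "big")
    material = k_prime >> (8 * TAG_LEN)
    if hmac.compare_digest(tag, h(material)[:TAG_LEN]):
        return material
    return None


def spoof_with_stolen_store(verifier, stolen_value: int) -> bool:
    """Attacker replays whatever was read out of the expected-value storage as A'.
    Works against the plain store; against the hashed store the stolen value is h(A), not A."""
    return verifier.verify(stolen_value)


def demo() -> dict:
    a = 0x5EC0DE_DECADE_F00D                       # expected certification data A (constructed)
    k = add_redundancy(0xC0FFEE_BEEF)              # decode key K with redundancy (constructed)
    hashed, plain = ExpectedValueVerifier(a), PlainExpectedValueVerifier(a)
    return {
        "hashed_accepts_genuine": hashed.verify(a),
        "hashed_rejects_other": hashed.verify(a ^ 1),
        "plain_spoof_with_stolen_store": spoof_with_stolen_store(plain, plain._stored),
        "hashed_spoof_with_stolen_store": spoof_with_stolen_store(
            hashed, int.from_bytes(hashed._stored, "big")),
        "redundancy_passes_genuine": check_redundancy(k) == 0xC0FFEE_BEEF,
        "redundancy_rejects_tampered": check_redundancy(k ^ 1) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Storing h(A) only helps when A has enough entropy that h(A) cannot be inverted by trying candidates; a key-sized A does, a short PIN-like A would not. A stolen h(A) still lets an attacker test candidate values offline, and the redundancy check of configuration (4) is only as strong as the redundancy length (here 32 bits), so a production design should use the full ISO 9796 encoding the text cites.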

[0109] [Example 2] Example 2 of this invention is explained below. In Example 1, the verification routine 15 of the certification data verification equipment 10 verified that the certification data generated by the certification data generation equipment 11 were generated from the data for verification and the description information on access rating authentication, and service was offered only when the legitimacy of the certification data was verified. The example described unified the certification data verification routine 15 and the decode program 35 into a plug-in module of the Internet browser as the service provision equipment. In Example 1 the result of removing the random-number effectiveness from the certification data received by the verification routine 15 became the decode key used by decode/display, the routine judged whether that decode key was legitimate, and only when it was legitimate were the enciphered data decrypted and service offered.

[0110] However, when the result of removing the random-number effectiveness from the certification data is used as the decode key, it is not strictly necessary to judge the legitimacy of the decode key as in Example 1. If the enciphered data are decrypted directly with that result as the decode key, decryption succeeds and service can be offered when it is the legitimate decode key; when it is not, decryption simply does not succeed and service cannot be offered.
[0111] Example 2 explains such a configuration without a verification section. Hereafter, in Example 2, the word verification "routine" is still used, but no verification section exists in this verification routine; that is, there is no part that judges whether verification succeeded. The access ticket public key (E, n) and the authentication data KE are taken out of the enciphered contents, the data for authentication are generated from them and transmitted to the certification program, and the result of removing the random-number effectiveness from the certification data returned by the certification program is passed to decode/display as the decode key.

[0112] Drawing 12 shows a configuration example of Example 2. Drawing 12 is the configuration of drawing 4 with the verification section 59 removed, and is otherwise the same as drawing 4.

[0113] The operation is almost the same as in Example 1: [Step 1] to [Step 7] perform the same processing. [Step 8] and the subsequent steps are explained below.
[0114] [Step 8]: The processing of the verification routine ends with Step 7, and the verification routine passes the K' computed in the random-number effectiveness removal section 58 to decode/display 61 as the decode key.

[0115] [Step 9]: Decode/display 61 receives the decode key K' from the random-number effectiveness removal section 58 of the verification routine and the enciphered contents separated by the data separation section 56, decrypts the contents and displays them. Only when a user with a legitimate token generates the certification data in the certification program using a legitimate access ticket does the decode key K' become the correct decode key, in which case the enciphered contents are decrypted correctly and displayed. When the token or the access ticket is not legitimate, the decode key K' cannot become the correct decode key, the enciphered contents are not decrypted correctly, and they are not displayed correctly.

[0116] [Example 3] Example 3 of this invention is explained below. Drawing 13 shows the configuration of Example 3. This example uses a different protocol on the certification data verification side, and is close to a configuration in which the component of the verification section shown in drawing 8 (b) of Example 1 is moved out of the verification section. The same numbers denote the same parts as in drawing 4. In drawing 13, 81 denotes a decode key storage section: the verification routine holds the decode key K for decrypting the contents beforehand.

[0117] The enciphered contents consist of an enciphered contents body and an access ticket public key, and need not contain authentication data.
[0118] Next, the operation is explained. All variables in the following explanation are integers.
[0119] [Step 1]: When a user requests use of the enciphered contents from the Internet browser, the browser looks at the data type of the enciphered contents, searches for the plug-in associated with that data type, and loads and starts it. When the corresponding plug-in starts, the verification routine 15 in the plug-in starts. The contents here are what a user uses through the Internet browser, for example display information of a home page (images, animation, hypertext documents, etc.) or programs such as Java applets.

[0120] [Step 2]: The verification routine 15 of the plug-in takes the access ticket public key (E, n) out of the enciphered contents in the data separation section and stores it in the access ticket public key storage section 51.

[0121] [Step 3]: Next, the verification routine 15 generates a random number r in the random-number generation section 53, stores it in the random-number storage section 54, sets the random number r as the transmit data (challenge) C, and transmits the challenge C and the modulus n of the access ticket public key (the RSA modulus) to the certification data generation side. In this case the certification data returned by the certification program should be the challenge C enciphered with RSA under the modulus n.
[0122] [Step 4]: The certification program receives the challenge C and the RSA modulus n sent from the verification routine in the data receive section 71 for authentication, and generates the certification data (response) R as follows. First, the 1st operation part 73 acquires from the access ticket storage section 72 the access ticket t that corresponds to the RSA modulus n used as the lookup key, computes formula 6 under the modulus n, and obtains the intermediate information R'.

[0123] [Step 5]: The 2nd operation part 75 acquires the user proper information e stored in the user proper information storage section 74, computes formula 7 and obtains the difference information S.

[0124] [Step 6]: The certification data generation section 76 acquires the intermediate information R' from the 1st operation part 73 and the difference information S from the 2nd operation part 75, computes formula 8 and obtains the certification data R. The certification data R are transmitted to the verification side.
[0125] [Step 7]: The verification section 59 of the verification routine 15 acquires the received certification data R, computes formula 10 to obtain the computation result r', and verifies it by comparison with the random number r stored in the random-number storage section 54.
[0126]

[Equation 10]

(10) $r' = R^{E} \bmod n$

When the random number r and the computation result r' are equal, verification is regarded as successful, and the verification routine 15 passes the decode key K to decode/display.

[0127] [Step 8]: Decode/display 61 receives the decode key K from the verification section 59 and the enciphered contents separated by the data separation section 56, decrypts the contents and displays them. Passing the decrypted contents to the Internet browser and letting the browser display them is also possible, but since the browser could then copy the decrypted information, it is safer for the plug-in to draw directly in the area the Internet browser has assigned to it.

[0128] Thus it is also possible to verify only that the user has a legitimate right and, when verification succeeds, decrypt the enciphered contents with a decode key registered in the verification routine beforehand.
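The exchange of Example 1 ([Step 6] to [Step 8] above, formulas 5 to 9, where the verifier recovers K) and the exchange of Example 3 (formula 10, where the verifier checks the response against its own random number) written out end to end, as an added Python example; this is not code from the patent. Assumptions: the RSA modulus is built from two small fixed primes so the numbers are readable (a real deployment uses large primes); F(n, e) = h(n | e) with SHA-256 as the one-way hash h, as in formula 15; the issuer reduces the ticket t = D - F(n, e) modulo phi(n) so the exponent is non-negative (the text only says all variables are integers); and, because formula 5 is not in this section, the Example 1 challenge is taken to be C = K^E * r^E mod n, the form under which formulas 8 and 9 give K' = K. Function names such as `prove`, `recover_key` and `example3_run` are the example's own. Needs Python 3.8+ for `pow(x, -1, m)`.

```python
import hashlib
from math import gcd

# --- access ticket key pair (constructed demo values; real systems use ~2048-bit primes) ---
P, Q = 1000003, 1000033                  # two small primes, n = pq
N = P * Q
PHI = (P - 1) * (Q - 1)                  # phi(n) = (p-1)(q-1)
E_PUB = 65537                            # access ticket public key E
assert gcd(E_PUB, PHI) == 1              # condition of formula 2
D_PRIV = pow(E_PUB, -1, PHI)             # access ticket private key D, E*D = 1 mod phi(n)


def f_hash(n: int, e_user: int) -> int:
    """F(n, e) = h(n | e): one-way hash of the concatenation (formula 15), SHA-256 assumed."""
    return int.from_bytes(hashlib.sha256(f"{n}|{e_user}".encode()).digest(), "big")


def issue_access_ticket(n: int, d: int, phi: int, e_user: int) -> int:
    """Ticket issuer: t = D - F(n, e), reduced mod phi(n) so the exponent is non-negative
    (assumption). Only t reaches the certification program; e stays inside the token."""
    return (d - f_hash(n, e_user)) % phi


def prove(c: int, n: int, ticket: int, e_user: int) -> int:
    """Certification program plus token: formulas 6, 7 and 8."""
    r_mid = pow(c, ticket, n)                  # (6) R' = C^t mod n        (1st operation part 73)
    s_diff = pow(c, f_hash(n, e_user), n)      # (7) S  = C^F(n,e) mod n   (2nd operation part 75, in the token)
    return r_mid * s_diff % n                  # (8) R  = R' S mod n        (certification data generation section 76)
    # t + F(n, e) = D (mod phi(n)), so R = C^D mod n whenever e is the e the ticket was issued for.


# ---------------- Example 1: the verifier recovers the decode key K ----------------
def example1_challenge(n: int, e_pub: int, k_enc: int, r: int) -> int:
    """Assumed formula 5: blind the authentication data KE = K^E with r^E, C = (K r)^E mod n."""
    return k_enc * pow(r, e_pub, n) % n


def recover_key(resp: int, n: int, r: int) -> int:
    """(9) K' = R r^-1 mod n: the random-number effectiveness removal section 58."""
    return resp * pow(r, -1, n) % n


def example1_run(e_in_token: int, ticket: int, k: int, r: int) -> int:
    """Full Example 1 exchange; returns the K' that the verification section 59 inspects."""
    k_enc = pow(k, E_PUB, N)                           # authentication data KE shipped with the contents
    c = example1_challenge(N, E_PUB, k_enc, r)         # verifier -> certification program: (C, n)
    resp = prove(c, N, ticket, e_in_token)             # certification program -> verifier: R
    return recover_key(resp, N, r)


# ---------------- Example 3: the verifier checks R^E == r and keeps K locally ----------------
def example3_run(e_in_token: int, ticket: int, r: int) -> bool:
    """The challenge is r itself; (10) r' = R^E mod n must equal r. No KE in the contents."""
    resp = prove(r, N, ticket, e_in_token)             # R = r^D mod n for a genuine ticket/token pair
    return pow(resp, E_PUB, N) == r


def demo() -> dict:
    e_user = 31415926                                  # user proper information e (constructed)
    ticket = issue_access_ticket(N, D_PRIV, PHI, e_user)
    k = 0x1234567890                                   # contents decode key K (< n)
    r = 987654321                                      # verifier's random number r (< n)
    return {
        "ex1_genuine": example1_run(e_user, ticket, k, r) == k,
        "ex1_wrong_user": example1_run(e_user + 1, ticket, k, r) == k,   # other token, same ticket
        "ex3_genuine": example3_run(e_user, ticket, r),
        "ex3_wrong_user": example3_run(e_user + 1, ticket, r),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier must pick r coprime to n, since `pow(r, -1, n)` has no result otherwise (with a real-size n the chance of a bad r is negligible). Example 2's variant, which skips the verification section and decrypts with K' directly, only fails cleanly if the content format or cipher mode detects a wrong key (for instance authenticated encryption or a checked header); with a raw block or stream cipher a wrong K' yields garbage that would be displayed as if it were content.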

[0129] In Examples 1 to 3 the verification routine was built as a software program. In that case the decode key K of the contents must be kept secret, because if K were revealed anyone could decrypt the contents enciphered with it, allowing unjust use. The verification routine therefore needs to protect its internal data by some means. One such means, when the program is compiled to machine language, is obfuscation, which makes the internal data and the program procedure hard to analyze. Such techniques are introduced in Takanori Murakami, "Obfuscation of program code", IEICE Technical Report, Information Security, ISEC 95-25 (1995), and elsewhere. Apart from software techniques, the verification routine and the decode program may also be built as one piece of hardware, for example dedicated hardware, a PC card or an IC card. It is also possible to build the whole of the verification routine, the certification data generation section and decode/display as one piece of hardware.
[0130] [Example 4] Example 4 of this invention is explained below. This example explains a configuration that uses use control information. Use control information is control information for controlling the generation of certification data: it describes the conditions under which service is offered, and is distributed together with the access ticket. The control information can describe a validity period for the service, a fee, a count, a time amount and so on; these conditions are checked when certification data are generated, and when they are not met the certification data are not generated, so the offer of service can be stopped. User attributes such as position, sex and age can also be described in the control information, and generation of certification data can then be controlled by comparing them with the user's attributes held in the token.
[0131] Below, the case of using a validity period as control information and the case of using a fee are described briefly.

[0132] In this example the access ticket t is data generated from the following formula 11.
[0133]

[Equation 11]

(11) $t = D - F(n, e, L)$

F(x, y, z) is a three-variable function whose values cannot easily be made to collide; for example, it can be defined as in formula 12 using the one-way hash function h mentioned above.
[0134]

[Equation 12]

(12) $F(x, y, z) = h(x \,|\, y \,|\, z)$

All the symbols above are integers. As in Example 1, n is the RSA modulus, D is the access ticket private key and e is the user proper information. L is the use control information, and F() is a one-way function.

[0135] This example is explained in more detail with reference to drawing 14, which shows a concrete configuration of Example 4. The left half of drawing 14, that is, the plug-in and verification routine side, is the same as drawing 4 of Example 1.

[0136] The certification program 32 consists of the data receive section 71 for authentication, the access ticket storage section 72, the 1st operation part 73 and the certification data generation section 76, and the token 33 consists of the user proper information storage section 74, the 2nd operation part 75 and the use control information judging section 77.

[0137] The access ticket storage section 72 stores the use control information L as a group together with the RSA modulus n and the access ticket t. The use control information judging section 77 judges the conditions of the use control information L passed from the access ticket storage section 72, and passes L to the 2nd operation part 75 only when it judges them satisfied. When the use control information L is passed from the use control information judging section 77, the 2nd operation part 75 computes the difference information S according to formula 13 and sends it to the certification data generation section 76.
[0138]

[Equation 13]

(13) $S = C^{F(n, e, L)} \bmod n$

The case of using a validity period as use control information is explained below. When the use control information is a validity period, the value of L is a value such as 199712312400, which expresses that the period ends at 24:00 on December 31, 1997. It could equally be expressed as a relative number of seconds from some reference time.

[0139] The use control information judging section 77 in the token has a clock, and compares the use control information L passed from the access ticket storage section 72 with the current time. When the comparison finds that the value of L is later than the current time, it judges it valid and passes L to the 2nd operation part 75. When L is passed from the use control information judging section 77, the 2nd operation part 75 computes the difference information S according to formula 13 and sends it to the certification data generation section 76.

[0140] Thereafter, as in Example 1, the certification data R are computed with formula 8 in the certification data generation section 76; the random-number effectiveness removal section 58 of the verification routine 15 acquires the certification data R received in the certification data receive section 57, computes formula 9 with the random number r stored in the random-number storage section 54, and obtains K'.

[0141] Whenever the computation is made with the correct access ticket t, the correct user proper information e and the correct use control information L, K' = K holds, the verification section of the verification routine 15 judges it legitimate, and service is offered. If someone tries to use an access ticket whose validity period in the use control information L has expired by altering the L stored in the access ticket storage section 72, the access ticket t itself cannot be altered to match, so the certification data R generated by formula 8 in the certification data generation section 76 cannot take the correct value, and service cannot be obtained unfairly.

[0142] When the use control information L is the amount charged for the service, the value of L is for example the figure 100, meaning 100 yen per use.

[0143] The token has a prepaid balance storage section that stores prepaid balance information. The use control information judging section 77 in the token compares the use control information L with the prepaid balance; when the prepaid balance is larger, it judges it valid, subtracts the amount corresponding to L from the prepaid balance, and passes L to the 2nd operation part 75. The subsequent processing is the same.
[0144] Alternatively, the token may have a use history storage section: the use control information judging section 77 records the value of L together with information such as the time of day in the use history storage section, and passes L to the 2nd operation part 75, instead of using the prepaid balance storage section. In this case the use history stored in the use history storage section is collected from time to time and the corresponding amount of money is charged.

[0145] Thus, beyond the examples shown here, various kinds of use control become possible by configuring the token so that the use control information L is passed to the 2nd operation part 75 only after it has been checked by the use control information judging section 77.
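The token-side judging section 77 for the two use-control cases described above (validity period and prepaid fee), the use-history variant, and the binding of L into the ticket by formula 11, as an added Python example; this is not code from the patent. Assumptions: L is a decimal string in the fixed-width YYYYMMDDhhmm form the text gives (199712312400), compared numerically against the token clock formatted the same way; the fee case passes only when the balance is strictly larger than L, as the text says; F(n, e, L) = h(n | e | L) with SHA-256 for h (formula 12); the ticket is reduced modulo phi(n) on issue; small fixed RSA parameters for readability. The class and function names are the example's own.

```python
import hashlib
from datetime import datetime

# constructed access-ticket parameters (small for readability; D and phi(n) exist only at the issuer)
P, Q = 1000003, 1000033
N, PHI = P * Q, (P - 1) * (Q - 1)
D_PRIV = pow(65537, -1, PHI)                       # access ticket private key D


def f3(n: int, e_user: int, use_control: str) -> int:
    """(12) F(n, e, L) = h(n | e | L), one-way hash h = SHA-256 (assumption)."""
    return int.from_bytes(hashlib.sha256(f"{n}|{e_user}|{use_control}".encode()).digest(), "big")


def issue_ticket(d: int, phi: int, n: int, e_user: int, use_control: str) -> int:
    """(11) t = D - F(n, e, L), reduced mod phi(n) (assumption). L ships with t and n in section 72."""
    return (d - f3(n, e_user, use_control)) % phi


def exponent_is_d(ticket: int, n: int, e_user: int, use_control: str, d: int, phi: int) -> bool:
    """Issuer-side view of why rewriting the stored L fails: S uses F(n, e, L) (formula 13), so the
    combined exponent t + F(n, e, L) equals D only for the L the ticket was issued with."""
    return (ticket + f3(n, e_user, use_control)) % phi == d % phi


class UseControlJudgingSection:
    """Section 77 in the token: checks L, updates token state, and returns whether L may be
    passed to the 2nd operation part 75 (which then computes S by formula 13)."""

    def __init__(self, clock: datetime, prepaid_balance: int = 0):
        self.clock = clock                      # the token's own clock, not the host's
        self.prepaid_balance = prepaid_balance  # prepaid balance storage section
        self.use_history = []                   # use history storage section

    def judge_validity_period(self, use_control: str) -> bool:
        # L such as "199712312400" (24:00, 31 Dec 1997); fixed-width digits compare numerically
        now = int(self.clock.strftime("%Y%m%d%H%M"))
        return int(use_control) > now

    def judge_prepaid(self, use_control: str) -> bool:
        # L such as "100" meaning 100 yen per use; pass only when the balance is larger, then deduct
        cost = int(use_control)
        if self.prepaid_balance > cost:
            self.prepaid_balance -= cost
            return True
        return False

    def judge_with_history(self, use_control: str) -> bool:
        # post-paid variant: record (time, L) for later collection instead of deducting
        self.use_history.append((self.clock.strftime("%Y%m%d%H%M"), use_control))
        return True


def demo() -> dict:
    e_user = 27182818                              # user proper information e (constructed)
    expiry = "199712312400"
    ticket = issue_ticket(D_PRIV, PHI, N, e_user, expiry)

    before = UseControlJudgingSection(datetime(1997, 12, 31, 23, 59))
    after = UseControlJudgingSection(datetime(1998, 1, 1, 0, 0))
    wallet = UseControlJudgingSection(datetime(1997, 6, 1, 12, 0), prepaid_balance=250)
    results = {
        "valid_before_expiry": before.judge_validity_period(expiry),
        "rejected_after_expiry": after.judge_validity_period(expiry),
        "genuine_L_matches_D": exponent_is_d(ticket, N, e_user, expiry, D_PRIV, PHI),
        # expired ticket whose stored L was rewritten to a later date: it passes the clock check,
        # but the exponent no longer equals D, so R and hence K' come out wrong
        "tampered_L_matches_D": exponent_is_d(ticket, N, e_user, "209912312400", D_PRIV, PHI),
        "fee_first_use": wallet.judge_prepaid("100"),
        "fee_second_use": wallet.judge_prepaid("100"),
        "fee_third_use": wallet.judge_prepaid("100"),   # balance 50 is not larger than 100
        "balance_left": wallet.prepaid_balance,
    }
    wallet.judge_with_history("100")
    results["history_entries"] = len(wallet.use_history)
    return results


if __name__ == "__main__":
    print(demo())
```

The clock and the balance live in the token on purpose: a host with a manipulated clock or a rewritten L gains nothing, because the check happens where the attacker cannot reach and because L is also bound into the exponent. One practical point the text leaves open is that the balance is debited before S is computed, so a protocol run that fails afterwards still costs the user; an implementation would want to make the debit and the delivery of S atomic.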
[0146] [Example 5] Example 5 of this invention is explained below. Example 5 distributes encapsulated contents via a satellite broadcasting service and offers service. Encapsulation here means applying encryption or the like so that the contents cannot be used as they are. Drawing 15 shows a schematic diagram of the service provision system using the satellite broadcasting service. The encapsulated contents are distributed to each user by satellite broadcast. A user receives the satellite signal with a satellite antenna and feeds it to a receiver 100. The service provision equipment of this invention is mounted in the receiver, and the contents can be used when verification succeeds.

[0147] Many kinds of contents can be offered here, such as movies, music, TV programs, software, photographs, reference material and news. The contents are used on a television 200, audio equipment 300, a personal computer (PC) 400 and the like connected to the receiver 100. Although the example explained here separates the receiver 100 from the service use device, a service use device with the receiver 100 built in can be explained in the same way.

[0148] The structure of the encapsulated contents is shown in drawing 16. The encapsulated contents are divided into a contents header and enciphered data. The contents header has a label for identifying the contents, the public key (E, n) and the enciphered decode key. The enciphered data correspond to the enciphered contents body of the preceding examples.

[0149] Drawing 17 shows the configuration of the receiver 100 of drawing 15 in detail. Each circuit of the receiver 100 is controlled by a microcomputer. The satellite signal from the satellite antenna is first input to the tuner 101 of the receiver 100. The tuner 101 extracts the data of the channel the user selected with the receiver's panel or remote control. An error correction / descrambling circuit 102 restores the extracted data to contents and inputs them to the data control circuit 103. The data control circuit 103 identifies from the contents label whether the contents are encapsulated; if they are not, they are passed to the output side as they are, and if they are, they are input to the verification/decoder circuit 104. Although the verification/decoder circuit 104 could verify legitimacy with the verification routine shown in the earlier examples, Example 5 shows and explains an alternative. The details of this approach are explained with reference to drawing 18. The decrypted data are sent through a demultiplexing circuit 105 to the video decoder 106 or the audio decoder 107 and supplied to the use device as the corresponding signal.

[0150] The verification procedure (protocol) of Example 5 is shown in drawing 18. The same numbers denote parts with the same function as in Example 1.

[0151] The access ticket t in Example 5 is data generated from formula 14.

[0152]

[Equation 14]

(14) $t = D - F(n, e)$

All the symbols above are integers and express the following (refer to the formulas of Example 1).

n is the product of the RSA primes p and q, two sufficiently large primes (n = pq). phi(n) is Euler's totient of n, the product of p-1 and q-1 (phi(n) = (p-1)(q-1)). e is the user proper information; it is a different number for every user and is used to identify the user. D is the access ticket private key, an RSA private key under the modulus n satisfying formula 2. Here gcd(x, y) denotes the greatest common divisor of x and y.

[0153] The property expressed by formula (2) guarantees that a number E satisfying formula 3 exists. E is called the access ticket public key.

[0154] F(x, y) is a two-variable function whose values cannot easily be made to collide; for example, it can be defined as in formula 15 using the one-way hash function h mentioned above.
[0155]

[Equation 15]

(15) $F(x, y) = h(x \,|\, y)$

Example 5 is explained in detail using the figure below. The verification/decoder circuit 104 of drawing 17 is shown as 38 in drawing 18. The verification/decoder circuit 38 consists of a verification routine 15 and a decode section 61; it is realized with an ASIC (application specific integrated circuit) or the like, so that high-speed processing of decryption and of the verification routine, and its safety, are guaranteed. It is of course also possible to realize the verification/decoder circuit 38 as a software program. To raise safety further, it may be built from hardware having the tamper-proof property mentioned above. In the verification/decoder circuit, the encapsulated contents received from the data control circuit are divided in the data separation section 56 into the contents header and the enciphered data; the public key (E, n) is stored in the access ticket public key storage section 51, the enciphered decode key KE in the authentication data storage section 52, and the enciphered data in the decode section 61. The verification/decoder circuit then generates a random number in its internal random-number generation section, stores it in the random-number storage section 54, and computes the transmit data C according to formula 5 in the transmit data computation section, as in Example 1.

[0156] The transmit data C calculated in this way is transmitted to the certification program together
with the number n.

[0157] The operations of the 1st operation part 73 of the certification program and of the certification
data generation section 76 are performed by a microcomputer, and the access ticket is stored in an
EPROM (erasable programmable read only memory) or the like. On the basis of the RSA modulus n
received from the authentication data receive section 71, the access ticket t corresponding to n is
selected from the access ticket storage section 72, and formula 16 is computed to obtain the
intermediate information R'.
[0158]

[Equation 16]

(16) R' = C^t mod n

The token, realized by an IC card, has the user proper information storage section 74 and the 2nd
operation part 75 (a microcomputer); it receives the data for authentication, computes formula 17, and
obtains the difference information S.

[0159]

[Equation 17]

(17) S = C^F(n,e) mod n

The certification data generation section 75 of the certification program acquires the intermediate
information R' and the difference information S from the 1st and 2nd operation parts 73 and 75,
computes formula 18, and obtains the certification data R.

[0160]

[Equation 18]

(18) R = R'S mod n

The certification data R obtained in this way is transmitted to the certification data receive section 57
of the verification/decoder circuit.

[0161] The random-number effect removal section 58 of the verification routine 15 takes the
certification data R received by the data receive section 57, computes formula 19 with the random
number r stored in the random-number storage section 54, and obtains the decode key K.
[0162]

[Equation 19]

(19) K = R * r^(-1) mod n

Redundancy may be added to K at this point, so that the verification section 59 can check whether the
decode key K was decoded correctly by testing that the redundant part carries a specific value. The
obtained decode key K is input to the decode section 61, which decodes the enciphered data using the
decode key K and outputs it as contents.
[0163] The output contents are used on a PC as digital data, or are used as image information or audio
information.

[0164] An overall view of the service provision equipment of this example is shown in drawing 19. As
shown in the drawing, the service provision equipment is connected to a television. Although not shown
in the drawing, it is also connected to a satellite antenna so that it receives the satellite broadcasting
service, and it connects to the network through a modem so that it can acquire the access ticket needed
to use the encapsulated contents received by satellite broadcast. As shown in drawing 19(a), when the
contents are enciphered and no token is inserted in the service provision equipment, the user cannot see
the picture. When the user acquires a valid access ticket and inserts the token into the service provision
equipment, as shown in drawing 19(b), the picture can be seen.
[0165] Thus, in this invention, even though the contents are enciphered and offered under a single
cryptographic key, the service cannot be used unless the user has both the token storing the access
ticket customized for that user and the user proper information. Therefore the contents provider can
distribute enciphered contents over mass media such as satellite broadcasting and can still perform
positive usage management for every user by means of the access ticket and the token.
[0166] [Example 6] Example 6 of this invention is explained below. The above described the case where
encapsulation is done per contents item; as another application, the same encryption may be applied to
a whole broadcast channel of a satellite broadcasting service, and there are cases where one wants to
restrict use of the contents by managing the viewing time and so on. Such a service is realized by
expressing the access ticket as in formula 20.
[0167]

[Equation 20]

(20) t = D - F(n,e,L)

Here L is use control information expressing a term of use, and the three-variable function F(x, y, z)
is a function whose values cannot easily be made to collide; for example, it can be defined as in
formula 21 using the one-way hash function h mentioned above.
[0168]

[Equation 21]

(21) F(x,y,z) = h(x|y|z)

An example of the structure of the use control information is shown in drawing 20. As shown in the
drawing, the use control information L consists of a use start time, a use end time, and a use tariff. The
use tariff is required only when the token has a prepaid function, and it can be omitted when no prepaid
function is used. Drawing 21 shows the verification protocol when the use control information L is
used. The same numbers denote the same functions as in drawing 18.
[0169] Example 6 is explained in detail below using the drawings. In the verification/decoder circuit,
the encapsulated contents received from the data control circuit are separated in the data separation
section 56 into the contents header and the enciphered data: the decode key K enciphered with the
public key (E, n), i.e. K^E, is stored in the authentication data storage section 52, the public key (E, n)
in the access ticket public key storage section 51, and the enciphered data in the decode section 61,
respectively. The verification/decoder circuit then generates a random number in its internal
random-number generation section, stores it in the random-number storage section 54, and calculates
the transmit data C in the transmit data calculation section according to formula 15.

[0170] The transmit data C calculated in this way is transmitted to the certification program together
with the number n.

[0171] The operations of the 1st operation part 73 of the certification program and of the certification
data generation section 76 are performed by a microcomputer, and the access ticket is stored in an
EPROM (erasable programmable read only memory) or the like. On the basis of the RSA modulus n
received from the authentication data receive section 71, the access ticket t and the use control
information L corresponding to n are selected from the access ticket storage section 72, and formula 16
is computed to obtain the intermediate information R'.

[0172] The token has the user proper information storage section 74 and the 2nd operation part 75, and
further holds a prepaid count and token time-of-day data. The token receives the data for authentication
and the use control information L from the microcomputer and verifies whether the term of use in the
use control information contradicts the token's time of day. That is, verification is considered
successful when use start time <= token time-of-day <= use end time holds. If verification of the term
succeeds, it checks that the remaining prepaid count of the token is at least the number of uses specified
in the use control information L, and if so subtracts that number of uses from the token's count. When
verification of the term fails, or when the count is insufficient, no processing is done and an error is
returned. When the above verification succeeds, formula 22 is computed and the difference information
S is obtained.
[0173]

[Equation 22]

(22) S = C^F(n,e,L) mod n

The certification data generation section 75 of the certification program acquires the intermediate
information R' and the difference information S from the 1st and 2nd operation parts 73 and 75,
computes formula 18, and obtains the certification data R. The certification data R obtained in this way
is transmitted to the certification data receive section 57 of the verification/decoder circuit.

[0174] The random-number effect removal section 58 of the verification routine 15 takes the
certification data R received by the data receive section 57, computes formula 19 with the random
number r stored in the random-number storage section 54, and obtains the decode key K. Here, if the
use control information L used by the token has been altered, the correct decode key cannot be
recovered. Redundancy may be added to K at this point, so that the verification section 59 can check
whether the decode key K was decoded correctly by testing that the redundant part carries a specific
value. The obtained decode key K is input to the decode section 61, which decodes the enciphered data
using the decode key K and outputs it as contents.

[0175] The output contents are used on a PC as digital data, or are used as image information or audio
information.

[0176] In this example the token is given a time of day, but since an IC card has no internal clock, the
correctness of the token's time of day must be guaranteed.
[0177] Although the contents of one channel are enciphered with the same cryptographic key, a user
cannot use the access ticket unless the token is within the term given in the use control information, so
the right of use can be set up per time period, and functions such as pay-per-view can be realized in this
way.

[0178] In addition, this invention is not limited to the above examples; use of contents can be carried out
through various recording media, communication media and broadcast media. It is applicable when
communication and broadcast media other than the Internet and satellite broadcasting are used. For
example, it is also applicable to providing an online karaoke service over the ordinary telephone
network, a data communication network, or a TCP/IP connection.
[0179]

[Effect of the Invention] As explained above, by introducing the auxiliary data for certification (the
access ticket) according to this invention, the description information on access rating authentication
and the user proper information can be made independent, so the protection side and the user side each
need to prepare only one piece of proper information. An access ticket is data computed from specific
user proper information and the description information on access rating authentication, and it is
impossible ******** to compute the description information on access rating authentication from an
access ticket without at least knowing the user proper information. Since service is offered (contents
are decoded) only when the user proper information and the access ticket are correct and are used
together, a user can possess user proper information beforehand, and the service provider can prepare
the description information on access rating authentication independently of the user proper
information the user possesses. Consequently, even when, for example, contents are enciphered under a
single cryptographic key, an access privilege can be assigned only to the desired user, and the need to
prepare enciphered contents for every user disappears.






TECHNICAL FIELD 



[Field of the Invention] This invention relates to service provision equipment which can selectively
provide service only to a user who has a legitimate right, and to its method.



PRIOR ART



[Description of the Prior Art] In recent years, with the development of networks, the time has come
when various kinds of information are digitized and circulate through the network. Digitized
information includes text, still pictures, animation, voice, programs and so on, and we can receive
various services that combine these on the network. However, the ease of copying, which is a major
characteristic of such digital information, has until now been a factor hindering the circulation of digital
information on a network. Because copying digital information produces an object completely identical
to the original, information that has once circulated is used without notice in places the author did not
intend, which gives rise to the problem that it is hard to collect the fair compensation the author should
receive.

[0003] To solve this problem, systems have recently appeared in which digital information is enciphered
and allowed to circulate freely, as in CD-SHOWCASE (a trademark or product name) of IBM Japan
Corp., and when it is to be used the price is paid and the decode key is received via the telephone line
or the like, whereupon the digital information can be used. Moreover, an example of a system which
charges according to the amount of software use and collects the fee is shown in the "software
management method" of JP,6-95302,B. An "amount measuring device of information use", which can
exactly measure the amount of use, such as the information utilization time, of all users of information
distributed by broadcast, is described in JP,7-21276,B. According to it, the amount measuring device
receives and accumulates enciphered book information, and an example is shown in which the user
records the time and amount of book information decoded and displayed as a usage history, and a fee is
collected on that basis.
[0004] Various cryptographic techniques and program execution control techniques are known as
advanced technology for realizing the aforementioned systems.

[0005] A program execution control technique embeds a routine for authenticating a user's access right
into the application program; when a user tries to run the application, this routine checks whether the
user holds the legitimate authentication key, continues the program when the existence of the
authentication key is confirmed, and otherwise stops program execution. With this technique, execution
of the application can be restricted to legitimate users who hold the authentication key. This technique
has been put to practical use in the software **** industry; products include SuperPro (trademark)
Sentinel of Rainbow Technologies Inc. and HASP (trademark) of Aladdin Knowledge Systems Ltd.

[0006] The program execution control technique is explained in more detail below.

** The user who runs the software holds an authentication key as user proper information. The
authentication key is an encryption key, and the party who permits use of the software, for example the
software vendor, distributes it to the user. To prevent duplication, the authentication key is tightly
enclosed in memory inside hardware, and it is delivered to the user by a physical means such as post.

** The hardware with the built-in user authentication key is attached to the owner's personal computer
or workstation by a specified method, for example to the printer port.

** When the user starts the application program and execution reaches the access right authentication
routine, the program communicates with the hardware holding the user's authentication key. If the
program identifies the authentication key and the existence of a correct authentication key is confirmed
from the result of the communication, execution proceeds to the next step. When the communication
fails and the existence of an authentication key is not confirmed, the program stops itself so that
subsequent execution is not performed.

[0007] Identification of the authentication key by the access right authentication routine is performed,
for example, by the following protocol.

** The access right authentication routine generates a suitable number and transmits it to the hardware
with the built-in key.

** The hardware with the built-in key enciphers the number it was sent using its built-in authentication
key and returns the result to the access right authentication routine.

** The authentication routine judges whether the returned number is the number obtained by
enciphering the expected number, i.e. the number sent to the hardware, with the correct authentication
key.

** If the returned number agrees with the expected number, program execution continues; if it does not
agree, the program is stopped.
[0008] The communication exchanged between the application program and the hardware with the
built-in authentication key must differ at every run, even when it is exchanged between the same
hardware at the same point in the same application program. Otherwise, a user who does not hold a
correct authentication key could run the program by recording the contents of the communication
during one normal run and replaying the recorded contents to the application program whenever the
program is run thereafter. Such an attack is called a replay attack.

[0009] To prevent a replay attack, the number sent to the hardware with the built-in key is usually a
random number newly generated at every communication.



TECHNICAL PROBLEM



[Problems of the conventional technique] The problem with the conventional technique arises from the
fact that, when creating an application program, the programmer must assume in advance the
authentication key a user has, and the protection processing of the program must be performed on the
basis of this authentication key.

[0011] That is, the implementer of the program has to write the program so that the correct reply from
the hardware with the built-in key is computed in advance at programming time, and the program runs
normally only when that correct reply is received.

[0012] The forms of use of the conventional technique having the above characteristics are
fundamentally the two kinds below, and each has the problems stated below.

[0013] ** In the 1st approach, a user's authentication key is prepared so that it differs for every user.
That is, a different authentication key is prepared for each user, such as authentication key **** for the
first user and authentication key **** for the second user. In this case, the authentication routine in the
program must be created so that it can verify the authentication key of the particular user using the
program, and the programmer needs to create as many versions of the program, differing only in this
respect, as there are users.

[0014] When there are many target users, the work of customizing the program for every user
(individualization) requires an intolerable effort from the programmer, and a huge list of user
authentication keys must also be managed.

[0015] ** In the 2nd approach, the implementer of the program prepares an authentication key that
differs for every application. That is, a different authentication key is prepared for each application,
such as authentication key **** for the first application and authentication key **** for the second
application, and each application program is created so that it identifies its own authentication key.

[0016] Although this approach makes it unnecessary to create the program individually for every user
as in the 1st approach, the user must conversely hold as many authentication keys as there are
applications to be used.

[0017] As mentioned above, the authentication key must be distributed to the user tightly enclosed in
hardware. Therefore, although the program itself can be distributed easily through a network, the
distribution of the hardware containing the authentication key has to depend on a physical means such
as post: whenever a user consents to use an application, the programmer must mail hardware
containing the authentication key corresponding to that application, and the cost, the time, and the labor
of packaging all become a very large burden for the programmer.
[0018] Moreover, the user must put up with the inconvenience that the hardware must be exchanged
whenever the application to be used changes.

[0019] Even though a user wants to use an application, the user must wait until the hardware containing
the authentication key is mailed and arrives, and there is also the problem that it cannot be used
immediately.

[0020] To mitigate these problems, one could enclose two or more authentication keys in the hardware
beforehand and teach the user a password that makes one of the enclosed keys available whenever use
of a new application is permitted; but when the keys enclosed beforehand are exhausted the same
problem occurs, so this is not an essential solution.

[0021] Apart from the execution control approach above, a simple method that is used generally and
widely is only to encipher the application and to teach the user the decode key by a safe method; but
once the user decodes the application by this method, the user can copy it freely and distribute it
illegitimately, so it can be considered hardly any protection at all.
[0022] Therefore, when digitized information such as software, music, or movies (hereafter generically
called contents) is to be delivered over a network and fair compensation is to be obtained, the prior art
had the problem that management of the contents became complicated, or that management of the
authentication hardware imposed a large burden on the user.



JP,11-031130,A[MEANS]

8/31/2007

MEANS



[Means for Solving the Problem] In order to attain the above purpose, according to the 1st aspect of this
invention, service provision equipment which provides service only to a user who has a legitimate right
is provided with: a 1st storage means which stores the data for authentication; a 2nd storage means
which stores a user's proper information; a 3rd storage means which stores the auxiliary information for
certification, which is the result of performing a predetermined computation on said user's proper
information and the description information on access rating authentication; and a certification data
generation means which performs a predetermined computation on the data for authentication held in
said 1st storage means, said user's proper information stored in said 2nd storage means, and said
auxiliary information for certification stored in said 3rd storage means, and generates certification data.

[0025] Moreover, according to the 2nd aspect of this invention, service provision equipment which
provides service only to a user who has a legitimate right is provided with: a 1st storage means which
stores the data for authentication; a 2nd storage means which stores a user's proper information; a 3rd
storage means which stores the auxiliary information for certification, which is the result of performing
a predetermined computation on said user's proper information and the description information on
access rating authentication; a certification data generation means which performs a predetermined
computation on the data for authentication held in said 1st storage means, said user's proper
information stored in said 2nd storage means, and said auxiliary information for certification stored in
said 3rd storage means, and generates certification data; and a certification data verification means
which verifies that the certification data generated by said certification data generation means were
generated based on the description information on said access rating authentication.

[0026] With these configurations, by introducing the auxiliary data for certification (the access ticket),
the description information for access rating authentication given on the protection side and the user
proper information given on the user side can be made independent. A user possesses user proper
information beforehand, and protectors such as programmers create application programs using
description information on access rating authentication independently of the user proper information
the user possesses. Then, by creating and distributing an access ticket according to the user's ****
information and the description information on access rating authentication used to create the
application program etc., it becomes possible to authenticate user access rights, for example for
execution control, and only the user who has a legitimate right can be provided with the desired
service. Moreover, if a log is taken at the time certification data are generated, fair compensation for
the service can be collected.

[0027] Moreover, in the above configuration, at least said 2nd storage means and said certification data
generation means may be enclosed in a defense means which makes it difficult to observe their internal
data and processing procedures from the outside.

[0028] Moreover, in the above configuration, at least said certification data verification means may be
enclosed in a defense means which makes it difficult to observe its internal data and processing
procedure from the outside.

[0029] Moreover, the description information on said access rating authentication may be a decode key
of an encryption function, said data for authentication may be suitable data enciphered with the
encryption key corresponding to said decode key, and said certification data verification means may
verify that the certification data generated by said certification data generation means correctly decode
said data for authentication. Alternatively, the description information on said access rating
authentication may be an encryption key of an encryption function, said data for authentication may be
suitable data decoded with the decode key corresponding to said encryption key, and said certification
data verification means may verify that the certification data generated by said certification data
generation means correctly encipher said data for authentication. Alternatively, the description
information on said access rating authentication may be a signature key of a digital signature function,
and it may be verified that the certification data generated by said certification data generation means
are a digital signature correctly generated on said data for authentication using said signature key.

[0030] Moreover, the description information on said access rating authentication may be a 1st decode
key of an encryption function; said data for authentication may be a 2nd decode key, which decodes
said enciphered information, enciphered with the encryption key corresponding to said 1st decode key;
the certification data generated by said certification data generation means are then said 2nd decode
key, said enciphered information is decoded using said 2nd decode key, and the service corresponding
to said information may be offered. Moreover, said encryption function may be an asymmetric key
encryption function, and the description information on access rating authentication may be one of the
pair of keys.
[0031] Moreover, said encryption function may be a public key encryption function, and the description
information on access rating authentication may be a private key.
[0032] Moreover, said encryption function may be a symmetric key encryption function, and the
description information on access rating authentication may be a shared secret key.
[0033] Moreover, the service provision equipment may have access rating authentication equipment in
which certification data generation equipment, consisting of said 1st storage means, said 2nd storage
means, said 3rd storage means and said certification data generation means, and certification data
verification equipment, which has a 4th storage means storing the data for authentication and a 5th
storage means storing certification data in addition to said certification data verification means,
communicate with each other to authenticate a user's access right. The certification data verification
equipment writes the data for authentication stored in the 4th storage means into the 1st storage means
of the certification data generation equipment; the certification data generation equipment writes the
certification data generated by the certification data generation means based on said data for
authentication written in the 1st storage means into the 5th storage means of the certification data
verification equipment; and the certification data verification equipment can authenticate the user's
access right using said certification data written in the 5th storage means.

[0034] The description information for access rating authentication is the decode key of an encryption 
function. Certification data verification equipment moreover has a random-number generation means, 
the 6th storage means which memorizes the generated random number, and the 7th storage means which 
memorizes the ** data for authentication. The random-number generation means writes the generated 
random number in the 6th storage means, applies the random-number effect using said random number 
to the ** data for authentication memorized in the 7th storage means, and writes the result in the 4th 
storage means as data for authentication. The certification data verification means may then verify the 
result of removing the random-number effect, using the random number memorized in the 6th storage 
means, from the certification data written in the 5th storage means by said certification data generation 
equipment, by decoding the ** data for authentication memorized in the 7th storage means with the 
decode key which is the description information on access rating authentication. 

[0035] Moreover, the description information for access rating authentication is the encryption key of an 
encryption function, and certification data verification equipment is equipped with a random-number 
generation means. The random-number generation means writes the generated random number in the 
4th storage means as the data for authentication, and the certification data verification means may verify 
that the certification data written in the 5th storage means by certification data generation equipment 
decode to said random number. 

[0036] Moreover, the description information for access rating authentication is the signature key of a 
digital signature function. Certification data verification equipment is equipped with a random-number 
generation means, and the random-number generation means writes the generated random number in 
the 4th storage means as the data for authentication. The certification data verification means may verify 
that the certification data written in the 5th storage means by certification data generation equipment 
are a digital signature, with the signature key which is the description information on access rating 
authentication, on the data for authentication which are said random number. 

[0037] [Mode of implementation of the invention] Hereafter, this invention is explained in detail. 
[Example 1] With reference to example 1, the theoretical configuration of this invention is explained 
first. Drawing 1 shows the configuration of example 1 of this invention as a whole. In drawing 1, the 
service provision system consists of certification data verification equipment 10 and certification data 
generation equipment 11, and certification data generation equipment 11 receives the access ticket 
(auxiliary data for certification) 13 from access ticket generation equipment 12. Certification data 
verification equipment 10 performs the verification routine 15. Certification data generation equipment 
11 holds the user proper information 16 and the access ticket 13, and performs the certification data 
generator 17. At least a part of the user proper information 16 and of the certification data generator 17 
is protected with tamper-proof equipment 20. 

[0038] Access ticket generation equipment 12 generates the access ticket 13 based on the description 
information 14 on access rating authentication and a user's proper information 16. The access ticket 13 
is sent to the user through a network, a storage medium, etc., and is held in the user's certification data 
generation equipment 11. 

[0039] Certification data verification equipment 10 transmits the data 18 for authentication to 
certification data generation equipment 11. Certification data generation equipment 11 generates the 
certification data 19 using the access ticket 13 and the user proper information 16, and returns them to 
certification data verification equipment 10. Certification data verification equipment 10 verifies the 
justification of the certification data based on the data for authentication. That is, it verifies that the 
certification data are data generated based on the data for authentication and the description information 
on access rating authentication. 

[0040] If the justification of the certification data is verified, it is attested that the user has a just right, 
and the desired service is offered by the service provision equipment. 

[0041] Hereafter, taking the case of an actual service, this invention is concretely explained using 
drawing 2. 

[0042] Example 1 of this invention describes the case in which the certification data verification routine 
15 and the decode program 35 are unified and included in an Internet browser (for example Netscape 
Navigator, a trademark of Netscape Communications, Inc., U.S.) as a plug-in (Plug-In) module. Here, a 
plug-in module refers to a software program which extends the function of the Internet browser so that 
use of a new data type can be supported for a user. If information of a data type which the Internet 
browser does not support is received from a server, the Internet browser searches for the plug-in related 
to that data type, loads it and starts it. Thereby, support of a new data type is enabled seamlessly, without 
changing a user's existing system. 

[0043] In the case of this example, the new data type refers to the enciphered contents 34. If the 
Internet browser receives the enciphered contents 34 from a server, it looks at the data type of the 
enciphered contents 34, searches for the plug-in 38 related to that data type, loads it and starts it. The 
started plug-in starts the verification routine 15, which delivers the data for authentication to the 
program 32 for certification and verifies the certification data returned in reply. When verification by the 
verification routine 15 is successful, the enciphered contents 34 are decoded by the decode program 35 
and provided to the user. The decoded contents are information such as a hyper-document, an image, an 
animation or music, or downloaded programs. 

[0044] Certification data generation equipment consists of a program 32 for certification and a token 
33. The program 32 for certification is a software program containing the access ticket 13 and the 
certification data generator A36, and operates on a user's personal computer (PC). As for the token 33, it 
is desirable to constitute it, including the certification data generator B37 and the user proper 
information 16, from hardware (hereafter called tamper-proof hardware) which resists theft of its 
internal state by probing. This is because the user proper information is equivalent to the password in 
password authentication: it is the only important information by which a user's identity is proved, and if 
the user proper information 16 can be read, copied and distributed, a person without a just right will be 
able to make unjust use of the contents. 

[0045] Moreover, in addition to said user proper information, the certification data generators A and B, 
which perform a predetermined calculation procedure, are given to a user. This program communicates 
with the verification routine 15 in the plug-in 38, and if the user proper information 16 and the access 
ticket 13 are given, it calculates from the data 42 for authentication the certification data 45 which prove 
the user's identity. Although the user proper information 16 is used in the course of this calculation, 
there is a problem if the user proper information 16 is revealed outside, for the reason mentioned above, 
so the certification data generator B37, which uses the user proper information, is stored in said 
tamper-proof hardware. An IC chip protected by an IC card, a resin mold, etc. is simple and easy to apply 
as tamper-proof hardware. However, when the added value of the service to be offered is very high, 
equipment of higher safety such as that shown in "encryption equipment, decode equipment, secret data 
processor, and information processor" of Japanese Patent Application No. 08-284475 may be used. 

[0046] Several operations of the certification data verification routine 15 are described below. 
[0047] 1. The data which should be transmitted (the data 42 for authentication) and the reply data 
expected in return (the expected value) are embedded in the certification data verification routine 15. 
The certification data verification routine 15 takes out said transmit data, transmits them to the user, and 
receives a reply from the user. Subsequently, the reply data from the user are compared with said 
expected value, and when both agree, the enciphered contents 34 are decoded by the decode program 35 
and the user is provided with the contents in usable condition. 

[0048] 2. The data which should be transmitted and the reply data expected in return (the expected 
value) are embedded in the certification data verification routine 15. The certification data verification 
routine 15 takes out said transmit data, transmits them to the user, and receives a reply from the user. 
Subsequently, the value obtained by applying a one-way function to the reply data from the user is 
compared with said expected value, and when both agree, the enciphered contents 34 are decoded by the 
decode program 35 and the user is provided with the contents in usable condition. 

[0049] In operations 1 and 2 above, when the reply data are the encryption of the transmit data by a 
predetermined encryption algorithm, the description information on access rating authentication serves 
as the encryption key. Moreover, when the reply data are a digital signature on the transmit data by a 
predetermined signature algorithm, the description information on access rating authentication serves 
as the signature key. 

[0050] 3. The data which should be transmitted are embedded in the certification data verification 
routine 15. The certification data verification routine 15 takes out said transmit data, transmits them to 
the user, and receives a reply from the user. Subsequently, the enciphered contents 34 are decoded by the 
decode program 35 using said reply data as the decode key, and the user is provided with the contents in 
usable condition. 

[0051] 4. The data which should be transmitted are embedded in the certification data verification 
routine 15. The certification data verification routine 15 takes out said transmit data, applies the 
random-number effect to them, transmits them to the user, and receives a reply from the user. 
Subsequently, the enciphered contents 34 are decoded by the decode program 35 using as the decode 
key the result of removing said random-number effect from said reply data, and the user is provided with 
the contents in usable condition. 

[0052] 5. The certification data verification routine 15 receives the transmit data corresponding to the 
enciphered contents. In this case, the transmit data may be embedded in the enciphered contents. The 
certification data verification routine 15 transmits said received transmit data to the user, and receives a 
reply from the user. Subsequently, the enciphered contents 34 are decoded by the decode program 35 
using said reply data as the decode key, and the user is provided with the contents in usable condition. 
[0053] 6. The certification data verification routine 15 receives the transmit data corresponding to the 
enciphered contents. In this case, the transmit data may be embedded in the enciphered contents. The 
certification data verification routine 15 applies the random-number effect to said received transmit 
data, transmits them to the user, and receives a reply from the user. Subsequently, the enciphered 
contents 34 are decoded by the decode program 35 using as the decode key the result of removing said 
random-number effect from said reply data, and the user is provided with the contents in usable 
condition. 

[0054] In operations 3 through 6 above, when the right decode key is obtained from the reply data, the 
enciphered contents 34 are decoded correctly and become usable by the user. The description 
information on access rating authentication in this case serves as the decode key for decoding the 
enciphered decode key. 

[0055] Now, in the execution control technique described in the conventional example, the user proper 
information (a user's authentication key) is the same as the description information on access rating 
authentication. The conventional certification data generating routine calculates the reply data from the 
description information on access rating authentication and the data transmitted from the certification 
data verification routine. 

[0056] In this invention, on the other hand, the feature is that the user proper information 16 and the 
description information 14 on access rating authentication are mutually independent. In this 
configuration the certification data generators A and B calculate the reply data (certification data) 45 by 
taking the access ticket 13 as an input, in addition to the user proper information 16 and the data 42 
transmitted from the certification data verification routine 15. This configuration has the following 
properties. 

[0057] 1. The access ticket 13 is data calculated based on the specific user proper information 16 and the 
description information 14 on access rating authentication. 

2. It is at least computationally infeasible, for one who does not know the user proper information 16, to 
calculate the description information 14 on access rating authentication from the access ticket 13. 

3. The certification data generators A and B calculate the right reply data only when the right 
combination of user proper information 16 and access ticket 13 is inputted, that is, when the user proper 
information 16 and the access ticket 13 correspond to each other. 

[0058] By the above, a user can possess the user proper information 16 beforehand, a contents provider 
can encipher contents independently of the user proper information 16 which the user possesses, and 
contents enciphered independently of the user proper information 16 can still be made usable only by 
the user who has a just right, by creating the access ticket 13 according to the user proper information 16 
and the description information on access rating authentication. 
[0059] Moreover, the user proper information may consist of two pieces of proper information, so that 
the proper information used on the occasion of creating the access ticket 13 and the proper information 
which the user uses in the communication program are distinguished. The most typical example is the 
approach of making the user proper information 16 a public key pair, using the public key as open 
proper information for access ticket creation, and enclosing the private key in the token 33 as the user 
individual's secret proper information. In this case, by making it possible to calculate the access ticket 13 
from the description information 14 on access rating authentication and the public key of said public 
key pair, the access ticket 13 can be calculated while the user proper information 16 which is the private 
key is kept secret. 
[0060] Next, a more concrete configuration is explained with an example. In drawing 2, the Internet 
browser 31, the plug-in 38, and the program 32 for certification are realizable as software programs on 
the computer 30 (PC or workstation) which a user uses. Although the token 33 may similarly be realized 
as a software program, in order to raise the safety of the proper information (user proper information) 
for identifying a user, it is desirable to use together with this computer 30 a token 33 (an IC card, a PC 
card, a board, etc.) which has the tamper-proof property. Under the present circumstances, if hardware 
which has portability like an IC card is used, it is convenient when a user works on two or more PCs or 
workstations. 

[0061] The enciphered contents 34 which are used by the Internet browser 31 are supplied to a user 
using storages, such as a network, CD-ROM, DVD, and a floppy disk. 

[0062] If a user requests use of the enciphered contents from the Internet browser, the Internet browser 
looks at the data type of the enciphered contents, searches for the plug-in related to that data type, loads 
it and starts it. 

[0063] If the plug-in starts, the verification program in this plug-in starts, communicates with the 
program 32 for certification, and performs user authentication; decoding of the contents is performed 
only when the communication completes correctly. 
[0064] In order for the user to use the enciphered contents 34, it is necessary to acquire the access ticket 
(auxiliary information for certification) issued to that user. When the user proper information is 
enclosed in an IC card, for example, the user inserts the IC card into said PC or workstation, and 
registers the acquired access ticket into the program 32 for certification installed on said PC or 
workstation. 

[0065] In cooperation with certification data generator B, certification data generator A calculates based 
on the user proper information 16 and the access ticket 13, and communicates with the verification 
program 15 in the plug-in based on the result of the calculation. 

[0066] As a result of the communication, authentication by the verification program 15 succeeds only 
when the three of the user proper information, the access ticket and the enciphered contents correspond 
correctly with one another. Authentication does not succeed when either the user proper information or 
the access ticket is missing. 

[0067] An access ticket is issued specifically to a user. That is, a specific user's user proper information 
is used on the occasion of generation of the access ticket. When the user proper information used at 
access ticket generation time and the user proper information used by the certification data generator do 
not agree, authentication does not succeed either. 

[0068] Moreover, an access ticket is generated based on specific description information on access 
rating authentication, and the verification program 15 is constituted so as to attest that description 
information on access rating authentication. Therefore, authentication also does not succeed when the 
description information used as the basis of generation of the access ticket and the description 
information which the verification program 15 attests do not correspond to each other. 

[0069] Since an access ticket has sufficient safety in itself, it can be delivered through a network. The 
safety of an access ticket consists of the following two properties. 

[0070] 1. An access ticket is issued to a registered user, and only that user (the holder of the user proper 
information that was used for the access ticket at generation time) can operate certification data 
generation equipment correctly using this access ticket. Therefore, even if a holder in bad faith 
intercepts a network and unjustly obtains another user's access ticket, unless this third person obtains 
the user proper information of the legitimate user to whom the access ticket was issued, it is impossible 
to use this access ticket. 

[0071] 2. The access ticket holds a still stricter safety. That is, even if a holder in bad faith collects an 
arbitrary number of access tickets and performs any kind of analysis, it is impossible, based on the 
acquired information, to forge another access ticket or to construct equipment which copies the 
operation of certification data generation equipment and passes authentication. 

[0072] In example 1, the access ticket t is data generated based on the following formula 1. 
[0073] 
[Equation 1] 

(1) $t = D - e + \omega\,\varphi(n)$ 

All the notations in the above formula are integers and express the following. n is an RSA 
(Rivest-Shamir-Adleman) modulus, i.e., the product of two sufficiently large prime numbers p and q 
(n = pq). $\varphi(n)$ is the Euler number of n, i.e., the product of p-1 and q-1 ($\varphi(n) = (p-1)(q-1)$). e 
expresses the user proper information; it is a different number for every user and is used to identify a 
user. D is the access ticket private key, i.e., the description information on access rating authentication; 
it is an RSA private key under the modulus n and satisfies formula 2. 

[0074] 

[Equation 2] (2) $\gcd(D, \varphi(n)) = 1$ 

Here, gcd(x, y) expresses the greatest common divisor of the two integers x and y. The property 
expressed by formula (2) guarantees that a number E which satisfies formula 3 exists. 
[0075] 

[Equation 3] (3) $E D \bmod \varphi(n) = 1$ 

E is called the access ticket public key. 

[0076] $\omega$ is a number determined by n and e, defined so that when either n or e differs its value also 
differs (it does not collide). As an example of a way of setting $\omega$, there is the method of defining $\omega$ 
as in formula 4 using a one-way hash function h. 
[0077] 

[Equation 4] (4) $\omega = h(n \,|\, e)$ 

Here, the notation | expresses concatenation of bit strings. 

[0078] A one-way hash function is a function for which, given x, computing a y different from x which 
satisfies h(x) = h(y) is remarkably difficult. As examples of one-way hash functions, MD2, MD4 and 
MD5 by RSA Data Security Inc., and the specification SHS (Secure Hash Standard) by the U.S. federal 
government are known. 

[0079] Of the numbers which appeared in the above explanation, t, E and n can be made public, while D, 
e, $\omega$, p, q and $\varphi(n)$ must be kept secret from everyone other than those who have the right to 
create a ticket. 

[0080] A schematic diagram of the computer (PC or workstation) which a user uses is shown in drawing 
3. In drawing 3, the card reader 39 is connected to the computer 30 which a user uses, and the user 
inserts the token 33 into the card reader 39 to use it. The Internet browser 31, the plug-in, and the 
program for certification are realized as software programs on the computer 30. Moreover, the access 
ticket is also memorized in the storage region of the computer 30. Now, suppose the contents to be used 
are the image of a picture of a yacht; if a user with a just token and a just access ticket makes the 
Internet browser 31 read the enciphered contents, the image of the picture of a yacht is displayed on the 
Internet browser 31 by the plug-in, as shown in drawing 3. 

[0081] With reference to drawing 4, example 1 is further explained in detail. Drawing 4 concretely 
shows an example of a configuration of example 1 of this invention. Contrasted with drawing 2, the part 
corresponding to the verification routine 15 consists of the access ticket public key storage section 51, 
the authentication data storage section 52, the random-number generation section 53, the random-number 
storage section 54, the transmit data (challenge) calculation section 55, the data separation section 56, 
the certification data receive section 57, the random-number effect removal section 58, and the 
verification section 59, and the decode program 35 runs in the decode/display section 61. Although the 
verification routine and the decode program are constituted separately in this example, the decode 
program may be merged into the verification routine if needed. Moreover, the program 32 for 
certification consists of the authentication data receive section 71, the access ticket storage section 72, 
the 1st operation part 73, and the certification data generation section 76, and the token 33 consists of 
the user proper information storage section 74 and the 2nd operation part 75. 
[0082] Next, the operation is explained. All the variables in the following explanation are integers. 
[0083] [Step 1]: If a user requests use of the enciphered contents from the Internet browser, the Internet 
browser looks at the data type of the enciphered contents, searches for the plug-in related to that data 
type, loads it and starts it. If the corresponding plug-in starts, the verification routine 15 in the plug-in 
starts. The contents in this case refer to what a user uses through the Internet browser, for example the 
display information of a homepage (an image, an animation, a hyper-document, etc.) or programs such as 
a Java applet. 

[0084] [Step 2]: The verification routine 15 of the plug-in takes out the access ticket public key (E, n) and 
the authentication data KE from the enciphered contents in the data separation section, and stores them 
in the access ticket public key storage section 51 and the authentication data storage section 52, 
respectively. Here, this access ticket public key and these authentication data were explained as being 
distributed along with the enciphered contents. Although they may instead be obtained through a 
network, it is desirable, considering safety, that the access ticket public key and the authentication data 
accompany the enciphered contents, and it is still more desirable that the authentication data be 
embedded so that a user cannot discern them. For example, it suffices to encipher the authentication 
data, embed them in the contents, and decode them, after taking them out, with a decode key given to the 
plug-in. 

[0085] [Step 3]: Next, the verification routine 15 generates a random number r in the random-number 
generation section 53, stores it in the random-number storage section 54, and calculates the transmit 
data (challenge) C according to formula 5 using the access ticket public key (E, n), the authentication 
data KE, and the random number r. Here KE is the contents decode key K enciphered with the access 
ticket public key, i.e. $K^{E} \bmod n$, which is what formulas 5 to 9 below require for K' = K to hold. 
[0086] 

[Equation 5] (5) $C = r^{E} K^{E} \bmod n$ 

The challenge C and the modulus n of the access ticket public key (the RSA modulus) are transmitted 
to the certification data generation side. Since the random number r is contained in the value of C, C 
takes a different value on every communication, which has the effect of preventing a replay attack. 
[0087] [Step 4]: The program for certification receives the challenge C and the RSA modulus n sent from 
the verification routine in the authentication data receive section, and generates the certification data 
(response) R as follows. First, in the 1st operation part, the access ticket t corresponding to the RSA 
modulus n is acquired from the access ticket storage section 72 using n as a key, formula 6 is performed 
under the modulus n, and the intermediate information R' is obtained. 
[0088] 

[Equation 6] (6) $R' = C^{t} \bmod n$ 

[Step 5]: The 2nd operation part 75 acquires the user proper information e memorized in the user proper 
information storage section 74, performs formula 7, and obtains the difference information S. 
[0089] 

[Equation 7] (7) $S = C^{e} \bmod n$ 

[Step 6]: The certification data generation section 76 acquires the intermediate information R' and the 
difference information S from the 1st and 2nd operation parts 73 and 75, calculates formula 8, and 
obtains the certification data R. 
[0090] 

[Equation 8] (8) $R = R' S \bmod n$ 

The certification data R are transmitted to the verification routine. 

[0091] [Step 7]: The random-number effect removal section 58 of the verification routine 15 acquires 
the certification data R received in the certification data receive section 57, calculates formula 9 with 
the random number r memorized in the random-number storage section 54, and obtains K'. 
[0092] 

[Equation 9] (9) $K' = R\, r^{-1} \bmod n$ 

[Step 8]: The verification section 59 verifies that the K' calculated in said random-number effect 
removal section 58 was generated based on D, which is the description information on access rating 
authentication. K' = K should hold whenever K' was surely generated based on D, the description 
information on access rating authentication. Whether this holds can be judged by the approach of 
decoding data enciphered with this K' and judging whether they decode correctly, or by the approach of 
giving redundancy to K, that is, giving a specific value to a part of it, and judging whether K' has that 
specific value, etc. Approaches such as the international standard ISO 9796 can be used for the latter 
approach. Here, explanation is continued on the assumption that verification uses the latter approach. 

[0093] [Step 9]: If the verification in the verification section 59 judges the result to be right, the 
verification routine passes the decode key K' to the decode/display section 61. 

[0094] [Step 10]: The decode/display section 61 receives the decode key K' from the verification section 
59, and decodes and displays the enciphered contents separated by the data separation section 56. 
Although the approach of passing the decoded contents to the Internet browser and displaying them by 
the Internet browser is also possible, it is more desirable from the viewpoint of safety for the plug-in to 
display directly in the area which the Internet browser specified, since the decoded information might 
otherwise be copied by the Internet browser. 

[0095] Thus, the user who has a just right can use the enciphered contents using the Internet browser. At 
this time, the decoded contents exist only in temporary memory, and unjust use of the decoded contents 
can be prevented by making them disappear after the user's use finishes. 
[0096] In this example, the access ticket public key (E, n) and the authentication data KE were explained 
as being distributed accompanying the enciphered contents. An example of the configuration of these 
enciphered contents is shown in drawing 5. As shown in drawing 5, the enciphered contents consist of 
the access ticket public key (E, n), the authentication data KE, and the enciphered contents body. The 
data separation section of the verification routine reads these and divides them into their parts. 
[0097] The contents body is enciphered with the key K. After verification is correctly completed using 
the authentication data KE, the key K can be restored through the random-number effect removal 
section, and it becomes possible to decode the contents body using this key K. 
[0098] In order to raise safety further, it is desirable that the authentication data KE be embedded so 
that a user cannot easily separate them. One approach to this implementation is shown in drawing 6. 
Although the enciphered contents in drawing 6 consist of the access ticket public key (E, n), the 
authentication data KE and the enciphered contents body as in drawing 5, not only the contents body 
but also the authentication data KE are enciphered. Drawing 6 shows the authentication data KE as 
enciphered with the key Kp. 

[0099] The data separation section of the verification routine holds the decryption key Kp corresponding to this encryption key Kp (this example uses a common-key cryptosystem). From the whole of the input contents it separates the enciphered contents body, the access ticket public key (E, n) and the enciphered authentication data KE, decrypts the enciphered authentication data using the held decryption key Kp, and takes out the authentication data KE. Then, after verification has been completed correctly using this authentication data KE, key K can be restored through the random-number effect removal section, and it becomes possible to decrypt the contents body using this key K.

[0100] Because the example shown here uses a common-key cryptosystem, the contents body and the authentication data were each shown enciphered and decrypted with the same key (key K and key Kp respectively), but it is also possible to use a public-key cryptosystem such as RSA for this part.

[0101] Moreover, the simplest configuration example of contents is shown in drawing 7. In this example the contents consist only of a contents body, and no processing such as encryption is performed on the contents body. However, only a specific plug-in can offer service using these contents. The verification routine in the plug-in performs the same processing as mentioned above, and only when the judgment in the verification section finds it legitimate does the plug-in use these contents and offer service.

[0102] Below, several configuration examples of the processing in the verification section of the verification routine explained in Example 1 are described using drawings 8 to 11. Drawings 8 to 11 mainly show the configuration of the verification section 59 in the verification routine. Although the verification section 59 is shown here as having a comparator 591 and an expected-value storage section 592 in order to make the differences between the configuration examples clear, this is not the only possibility: the expected-value storage section 592 and so on may also be constituted outside the verification section 59.

[0103] (1) Configuration example 1 of the verification section 59 is shown in drawing 8. In this configuration example, the verification section 59 has an expected-value storage section 592 and a comparator 591, and the expected value A expected as certification data is stored in the expected-value storage section 592. The input to the verification section 59 is the certification data received from the certification program, or, when the random-number effect was applied at the time the authentication data were generated, the certification data from which the random-number effect has been removed. The comparator 591 compares this input certification data A' with the expected value A stored in the expected-value storage section 592. When the comparison judges it legitimate, the display data for a legitimate judgment are delivered to the display (decode/display section 61) and displayed.

[0104] In this configuration, the expected value A stored in the expected-value storage section 592 could be stolen by program analysis or the like, even if doing so is difficult. If the expected value A is stolen, it becomes possible to build equipment that imitates the operation of the certification program (provided the random number used when the random-number effect is applied can be predicted), and unauthorized access by spoofing would succeed. To prevent this, a one-way function h(), whose inversion is computationally hard, is used: instead of A itself, the expected-value storage section 592 stores the data h(A) obtained by applying the one-way function h() to A, and the comparison is made against h(A'), the result of applying the one-way function h() to the certification data A' input to the verification section 59. Since it is extremely difficult to compute A from h(A), the above spoofing can be prevented even if the expected value h(A) stored in the expected-value storage section 592 should be stolen.

[0105] (2) Configuration example 2 of the verification section 59 is shown in drawing 9. In this configuration example, the verification section 59 has an expected-value storage section 592, a comparator 591 and a decryption key storage section 593, and the expected value A expected as certification data is stored in the expected-value storage section 592. The input to the verification section 59 is the certification data received from the certification program, or, when the random-number effect was applied at the time the authentication data were generated, the certification data from which the random-number effect has been removed. The comparator compares this input certification data A' with the expected value A stored in the expected-value storage section 592. When the comparison judges it legitimate, the decryption key K from the decryption key storage section 593 is delivered to the decode/display section 61, and the decode/display section 61 uses this decryption key K to decrypt the encrypted data and display them.

[0106] The one-way function h() can also be used here, as in configuration example 1.

[0107] (3) Configuration example 3 of the verification section 59 is shown in drawing 10. In this configuration example, like configuration example 1, the verification section 59 has an expected-value storage section 592 and a comparator 591, but the decryption key K is stored as the expected value in the expected-value storage section 592. The comparator 591 compares the input certification data K' with the expected value K stored in the expected-value storage section 592, as in configuration example 1. When the comparison judges it legitimate, the decryption key K' is delivered to the decode/display section 61, and the decode/display section 61 uses this decryption key to decrypt the encrypted data and display them.

[0108] (4) Configuration example 4 of the verification section 59 is shown in drawing 11. In this configuration example, the verification section 59 has a redundancy checking section 594. The input to the verification section 59 is the certification data received from the certification program, or, when the random-number effect was applied at the time the authentication data were generated, the certification data from which the random-number effect has been removed. This input certification data K' is inspected in the redundancy checking section 594. This approach gives redundancy to K beforehand, as mentioned above, and inspects whether K' has that redundancy. For example, methods such as the international standard ISO 9796 can be used. If the redundancy inspection passes, the redundancy checking section 594 delivers the decryption key K' to the decode/display section 61, and the decode/display section 61 uses this decryption key to decrypt the encrypted data and display them.

[0109] [Example 2] Example 2 of this invention is explained below. Example 1 of this invention described service provision equipment in which the certification data verification routine 15 and the decode program 35 are unified and included in the Internet browser as a plug-in module, and in which service is offered only when the verification routine 15 of the certification data verification equipment 10 has verified that the certification data generated by the certification data generation equipment 11 are data generated based on the data for verification and the description information on access rating authentication, that is, that the certification data are legitimate. In Example 1, the result of removing the random-number effect from the certification data received by the verification routine 15 becomes the decryption key used by the decode/display section; the routine judges whether that decryption key is legitimate, decrypts the encrypted data using it only when it is legitimate, and offers service.

[0110] However, when the result of removing the random-number effect from the certification data is used as the decryption key, it is not strictly necessary to judge the legitimacy of the decryption key as in Example 1. If the encrypted data are simply decrypted using the result of removing the random-number effect from the certification data as the decryption key, then when it is a legitimate decryption key the decryption succeeds and service can be offered, and when it is not a legitimate decryption key the decryption does not succeed and the only result is that service cannot be offered.
[0111] Example 2 explains such an example, which does not have the verification section. Hereafter in Example 2 the term verification "routine" is still used, but the verification section does not exist in this verification routine; that is, there is no part that judges whether verification was successful. The access ticket public key (E, n) and the authentication data KE are taken out of the enciphered contents, the data for authentication are generated using them and transmitted to the certification program, and the result of removing the random-number effect from the certification data returned by the certification program is passed to the decode/display section as the decryption key.

[0112] Drawing 12 shows a configuration example of Example 2. Drawing 12 is the configuration of drawing 4 with the verification section 59 removed, and is otherwise the same as drawing 4.

[0113] The operation is also almost the same as explained for Example 1, and [step 1] to [step 7] perform the same processing. [Step 8] onward is explained below.
[0114] [Step 8]: The processing of the verification routine ends with step 7, and the verification routine passes K', calculated in the random-number effect removal section 58, to the decode/display section 61 as the decryption key.

[0115] [Step 9]: The decode/display section 61 receives the decryption key K' from the random-number effect removal section 58 of the verification routine and the enciphered contents separated by the data separation section 56, decrypts the contents and displays them. In the certification program, only when a user with a legitimate token generates certification data using a legitimate access ticket does the decryption key K' become the correct decryption key, so that the enciphered contents are decrypted correctly and displayed. When the token or the access ticket is not legitimate, the decryption key K' cannot become the correct decryption key, and since the enciphered contents are not decrypted correctly, they are not displayed correctly.

[0116] [Example 3] Example 3 of this invention is explained below. Drawing 13 shows the configuration of Example 3 of this invention. This is an example using a different protocol on the certification data verification side; Example 3 is close to a configuration in which the components of the verification section shown in drawing 8(b) of Example 1 are moved out of the verification section. The same numbers denote the parts corresponding to drawing 4. In drawing 13, 81 denotes the decryption key storage section, and the verification routine holds the decryption key K for decrypting the contents beforehand.

[0117] The enciphered contents consist of an enciphered contents body and an access ticket public key, and need not contain authentication data.
[0118] Next, the operation is explained. All variables in the following explanation are integers.
[0119] [Step 1]: When a user requests use of the enciphered contents from the Internet browser, the Internet browser looks at the data type of the enciphered contents, searches for the plug-in associated with that data type, loads it and starts it. When the corresponding plug-in starts, the verification routine 15 in the plug-in starts. The contents here refer to what a user uses through the Internet browser, for example the display information of a homepage (images, animations, hypertext documents, etc.) or programs such as Java applets.

[0120] [Step 2]: The verification routine 15 of the plug-in takes the access ticket public key (E, n) out of the enciphered contents in the data separation section and stores it in the access ticket public key storage section 51.

[0121] [Step 3]: Next, the verification routine 15 generates a random number r in the random-number generation section 53, stores it in the random-number storage section 54, sets the random number r as the transmit data (challenge) C, and transmits the challenge C and the modulus n of the access ticket public key (the RSA modulus) to the certification data generation side. In this case, the certification data that the certification program returns should be the challenge C enciphered using the RSA cryptosystem under the modulus n.
[0122] [Step 4]: The certification program receives the challenge C and the RSA modulus n sent from the verification routine in the data receive section for authentication, and generates the certification data (response) R as follows. First, in the 1st operation part, the access ticket t corresponding to the RSA modulus n is acquired from the access ticket storage section 72 using the modulus n as a key, formula 6 is performed under the modulus n, and the intermediate information R' is obtained.

[0123] [Step 5]: The 2nd operation part 75 acquires the user proper information e stored in the user proper information storage section 74, performs formula 7, and obtains the difference information S.

[0124] [Step 6]: The certification data generation section 76 acquires the intermediate information R' from the 1st operation part and the difference information S from the 2nd operation part 75, calculates formula 8, and obtains the certification data R. The certification data R are transmitted to the verification side.
[0125] [Step 7]: The verification section 59 of the verification routine 15 acquires the received certification data R, calculates the count result r' by formula 10, and verifies by comparing it with the random number r stored in the random-number storage section 54.
[0126]

[Equation 10]

(10) r' = R^E mod n

When the random number r and the count result r' are equal, verification is regarded as successful, and the verification routine 15 passes the decryption key K to the decode/display section.

[0127] [Step 8]: The decode/display section 61 receives the decryption key K from the verification section 59 and the enciphered contents separated by the data separation section 56, decrypts the contents and displays them. Passing the decrypted contents to the Internet browser and having the Internet browser display them is also possible, but since the decrypted information could then be copied by the Internet browser, it is more desirable from the standpoint of safety for the plug-in to display directly in the area that the Internet browser designated.

[0128] Thus it is also possible to verify only that a user has a legitimate right and, when verification is successful, to decrypt the enciphered contents with a decryption key registered beforehand in the verification routine.

[0129] Examples 1 to 3 above showed the verification routine part constituted as a software program; in that case the decryption key K of the contents must be kept secret, because if K is revealed anyone can decrypt the contents enciphered with K, which allows unauthorized use of the contents. Therefore the verification routine needs to protect its internal data by some approach. One such approach, when the program is compiled to machine language, is obfuscation, which makes the internal data and the program procedure hard to analyze. Such techniques are introduced in Takanori Murakami, "Obfuscation of program code", Institute of Electronics, Information and Communication Engineers technical research report (IEICE Technical Report), Information Security, ISEC 95-25 (1995), among others. Moreover, besides the software-based technique, the approach of constituting the verification routine and the decode program as a single piece of hardware may be used. In that case it can be constituted from dedicated hardware, a PC card, an IC card, etc. It is also possible to constitute the whole of the verification routine, the certification data generation section and the decode/display section as a single piece of hardware.
[0130] [Example 4] Example 4 of this invention is explained below. This example explains a configuration example which uses use control information. Use control information is control information for controlling the generation of certification data; it describes the conditions under which service is offered, and is distributed together with the access ticket. For example, the term during which service is offered, a fee, a count, an amount of time, etc. can be described in the control information; these conditions are checked when certification data are generated, and when the conditions are not satisfied, certification data are not generated, so the offer of service can be stopped. Besides this, user attributes such as position, sex and age can be described in the control information, and it is also possible to control the generation of certification data by comparing them with the user's attributes held in the token.
[0131] Below, the case of using a use term as the control information and the case of using a fee are described briefly.

[0132] In this example, the access ticket t is data generated based on the following formula 11.
[0133]

[Equation 11]

(11) t = D - F(n, e, L)

Here the 3-variable function F(x, y, z) is a 3-variable function whose function values cannot easily collide; for example, it can be set as in formula 12 using the one-way hash function h mentioned above.
[0134]

[Equation 12]

(12) F(x, y, z) = h(x|y|z)

All notations in the above formulas are integers. As in Example 1, n expresses the RSA modulus, D the access ticket private key, e the user proper information and L the use control information, and the function F() is a one-way function.

[0135] This example is further explained in detail with reference to drawing 14. Drawing 14 concretely shows a configuration example of Example 4 of this invention. The left half of drawing 14, i.e., the plug-in and verification routine side, is the same as drawing 4 of Example 1.

[0136] The program 32 for certification consists of the data receive section 71 for authentication, the access ticket storage section 72, the 1st operation part 73 and the certification data generation section 76, and the token 33 consists of the user proper information storage section 74, the 2nd operation part 75 and the use control information judging section 77.

[0137] The access ticket storage section 72 stores the use control information L as a group together with the RSA modulus n and the access ticket t. The use control information judging section 77 judges the conditions of the use control information L passed from the access ticket storage section 72, and passes the use control information L to the 2nd operation part 75 only when the result of the judgment is legitimate. When the use control information L is passed from the use control information judging section 77, the 2nd operation part 75 calculates the difference information S based on formula 13 and sends it to the certification data generation section 76.
[0138]

[Equation 13]

(13) S = C^F(n, e, L) mod n

The case of using a use term as the use control information is explained below. When a use term is used as the use control information, the value of the use control information L is a value like 199712312400. In this case, this value expresses that the use term is 24:00 on December 31, 1997. It does not matter if the term is expressed instead as a relative number of seconds from a certain time, etc.

[0139] The use control information judging section 77 in the token has a clock, and compares the use control information L passed from the access ticket storage section 72 with the current time of day. When as a result of the comparison the value of the use control information L is later than the current time of day, it judges it legitimate and passes the use control information L to the 2nd operation part 75. When the use control information L is passed from the use control information judging section 77, the 2nd operation part 75 calculates the difference information S based on formula 13 and sends it to the certification data generation section 76.

[0140] Thereafter, as in Example 1, the certification data R are calculated using formula 8 in the certification data generation section 76; in the random-number effect removal section 58 of the verification routine 15, the certification data R received in the certification data receive section 57 are acquired, formula 9 is calculated with the random number r stored in the random-number storage section 54, and K' is obtained.

[0141] Whenever the calculation is made using the correct access ticket t, the correct user proper information e and the correct use control information L, K' = K holds, the verification section of the verification routine 15 judges it legitimate, and service is offered. Suppose someone tries to use an access ticket whose use term in the use control information L has expired. Even if the use control information L stored in the access ticket storage section 72 is altered, the access ticket t cannot be altered to match, so whoever the user is, the certification data R generated using formula 8 in the certification data generation section 76 cannot become the correct value, and the offer of service cannot be obtained unfairly.

[0142] When the use control information L is the usage fee of the service, a figure such as 100 is given as the value of the use control information L, meaning for example 100 yen per use.
[0143] The token has a prepaid balance storage section which stores prepaid balance information. The use control information judging section 77 in the token compares the use control information L with the prepaid balance; when the prepaid balance is larger, it judges it legitimate, subtracts the amount corresponding to the use control information L from the prepaid balance, and passes the use control information L to the 2nd operation part 75. The subsequent processing is the same.
[0144] Alternatively, instead of the prepaid balance storage section, the token may have a usage history storage section, and the use control information judging section 77 in the token may record the value of the use control information L together with information such as the time of day in the usage history storage section and then pass the use control information L to the 2nd operation part 75. In this case, the usage history stored in the usage history storage section is collected from time to time, and processing such as paying the corresponding amount of money is performed.

[0145] Thus, besides the examples shown here, various kinds of use control become possible by constituting the token so that the use control information L is passed to the 2nd operation part 75 only after the use control information judging section 77 has checked it.
[0146] [Example 5] Example 5 of this invention is explained below. Example 5 is an example which distributes encapsulated contents using a satellite broadcasting service and offers service. Here, encapsulation refers to applying encryption or the like to the contents so that they cannot be used as they are. Drawing 15 shows a schematic diagram of the service provision system using a satellite broadcasting service. The encapsulated contents are distributed to each user using the satellite broadcasting service. A user receives the satellite radio wave with a satellite antenna and inputs it to a receiver 100. The service provision equipment of this invention is mounted in the receiver, and when verification is successful, the contents can be used.
[0147] The contents offered here can be various things, such as movies, music, TV programs, software, photographs, reference material and news. Each of the contents is used on a television 200 connected to the receiver 100, audio equipment 300, a personal computer (PC) 400 and the like. Here, an example in which the receiver 100 and the service use device are separate is explained, but a service use device with the receiver 100 built in can be explained similarly.

[0148] The structure of the encapsulated contents is shown in drawing 16. The encapsulated contents are divided into a contents header and enciphered data. The contents header has a label for identifying the contents, the public key (E, n) and the enciphered decryption key. The enciphered data correspond to the enciphered contents body of the aforementioned examples.

[0149] Drawing 17 shows concretely the configuration of the receiver 100 of drawing 15. Each circuit of the receiver 100 is controlled by a microcomputer. The satellite signal from the satellite antenna is first input to the tuner 101 of the receiver 100. The tuner 101 extracts the data of the channel which the user chose with the panel of the receiver 100 or the remote control. An error correction circuit / descrambling circuit 102 restores the extracted data as contents and inputs them to the data control circuit 103. The data control circuit 103 identifies from the contents label whether the contents are encapsulated or not; when the contents are not encapsulated they are passed to the output side as they are, and when they are encapsulated they are input to the verification/decoder circuit 104. Although it is possible in the verification/decoder circuit 104 to verify legitimacy by the verification routine shown in the earlier examples, Example 5 shows and explains another option. The details of this approach are explained with reference to drawing 18. In addition, the decrypted data are sent through a demultiplexing circuit 105 to the video decoder 106 or the audio decoder 107 and supplied to the use device as the corresponding signal.

[0150] The verification procedure (protocol) of Example 5 is shown in drawing 18. The same numbers denote the parts having the same functions as in Example 1.

[0151] The access ticket t in Example 5 is data generated based on formula 14.

[0152]

[Equation 14]

(14) t = D - F(n, e)

All notations in the above formula are integers and express the following (refer to the formulas of Example 1).

n is the RSA modulus, the product of two sufficiently large prime factors p and q (n = pq). phi(n) is the Euler number of n, i.e., the product of p-1 and q-1 (phi(n) = (p-1)(q-1)). e expresses the user proper information; it is a different number for every user and is used to identify the user. D expresses the access ticket private key; it is an RSA private key under the modulus n and satisfies formula 2. Here gcd(x, y) expresses the greatest common divisor of the two numbers x and y.

[0153] The property expressed by formula (2) guarantees that a number E satisfying formula 3 exists. E is called the access ticket public key.

[0154] The 2-variable function F(x, y) is a 2-variable function whose function values cannot easily collide; for example, it can be set as in formula 15 using the one-way hash function h mentioned above.
[0155]

[Equation 15]

(15) F(x, y) = h(x|y)

Example 5 is explained in detail using the drawing below. The verification/decoder circuit 104 of drawing 17 is shown as 38 in drawing 18. The verification/decoder circuit 38 consists of the verification routine 15 and the decode section 61; it is realized by an ASIC (application specific integrated circuit) or the like, which guarantees high-speed decryption processing and the safety of the verification routine. It is of course also possible to realize the verification/decoder circuit 38 as a software program. Moreover, to raise safety further, it may be constituted from hardware having the tamper-proof property mentioned above. In the verification/decoder circuit, the encapsulated contents received from the data control circuit are divided into the contents header and the enciphered data in the data separation section 56; the public key (E, n) is stored in the access ticket public key storage section 51, the enciphered decryption key KE in the authentication data storage section 52, and the enciphered data in the decode section 61, respectively. The verification/decoder circuit then generates a random number in its internal random-number generation section, stores it in the random-number storage section 54, and calculates the transmit data C based on formula 5 in the transmit data count section, as in Example 1.

[0156] The transmit data C thus calculated are transmitted to the certification program together with the modulus n.

[0157] The operations of the 1st operation part 73 of the certification program and of the certification data generation section 76 are performed by a microcomputer, and the access ticket is stored in an EPROM (erasable programmable read only memory) or the like. Based on the RSA modulus n received from the authentication data receive section 71, the access ticket t corresponding to that n is chosen from the access ticket storage section 72, formula 16 is performed, and the intermediate information R' is obtained.
[0158]

[Equation 16]

(16) R' = C^t mod n

The token is realized by an IC card; it has the user proper information storage section 74 and the 2nd operation part 75, and is equipped with a microcomputer. On receiving the data for authentication, it performs formula 17 and obtains the difference information S.

[0159]

[Equation 17]

(17) S = C^F(n, e) mod n

The certification data generation section 76 of the certification program acquires the intermediate information R' from the 1st operation part 73 and the difference information S from the 2nd operation part 75, calculates formula 18, and obtains the certification data R.

[0160]

[Equation 18]

(18) R = R'S mod n

The certification data R thus obtained are transmitted to the certification data receive section 57 of the verification/decoder circuit.

[0161] The random-number effectiveness removal section 58 of the verification routine 15 acquires the certification data R received by the data receive section 57, calculates formula 19 with the random number r memorized in the random-number storage section 54, and obtains the decode key K.
[0162]

[Equation 19]

(19) K = R r^-1 mod n

Redundancy may be given to K here: by assigning a specific value to the redundant part, the verification section 59 can verify whether the decode key K was correctly decoded. The obtained decode key K is inputted into the decode section 61, which decodes the enciphered data using the decode key K and outputs them as contents.
[0163] The outputted contents are used on a PC as digital data, or are used as image information or audio information.

[0164] A general view of the service provision equipment of this example is shown in drawing 19. As shown in the drawing, the service provision equipment is connected to a television. Although not shown in the drawing, the service provision equipment is connected to a satellite antenna and receives the satellite broadcasting service, and it is also connected to the network through a modem so that it can acquire the access ticket for using the encapsulated contents received by the satellite broadcasting service. As shown in drawing 19 (a), when the contents are enciphered and no token is inserted in the service provision equipment, the user cannot see an image. If the user acquires a just access ticket and a token is inserted in the service provision equipment, as shown in drawing 19 (b), he can see the image.
[0165] Thus, in this invention, although the contents are enciphered and offered with a single cryptographic key, the service cannot be used unless the user has both the access ticket customized for that user and the token storing the user proper information. Therefore the contents provider can deliver the enciphered contents over mass media such as the satellite broadcasting service and still perform positive use management for every user by means of the access ticket and the token.
[0166] [Example 6] Example 6 of this invention is explained below. The above described the case where every content is encapsulated individually. As another application, the same encryption may be applied to a whole broadcast channel of the satellite broadcasting service, and there are cases where the provider wants to restrict use of the contents by managing the viewing-and-listening time and so on. Such a service is realized by expressing the access ticket by formula 20.
[0167]

[Equation 20] (20) t = D - F(n, e, L)

Here, L is the use control information and expresses a use term. F(x, y, z) is a 3-variable function whose function values cannot collide easily; for example, it can be set as in formula 21 using the one-way hash function h mentioned above.
[0168] 

[Equation 21] 

(21) F(x, y, z) = h(x|y|z)

An example of the configuration of the use control information is shown in drawing 20. As shown in the drawing, the use control information L consists of a use start time, a use end time, and a use tariff. The use tariff is required only when the token has a prepaid function, and it can be omitted when the prepaid function is not used. Drawing 21 shows the verification protocol when the use control information L is used. Here the same numerals denote elements with the same functions as in drawing 18.
[0169] Hereafter, example 6 is explained in detail using the drawing. In the verification/decoder circuit, the encapsulated contents received from the data control circuit are divided by the data separation section 56 into the contents header and the enciphered data. The public key (E, n) is stored in the access ticket public key storage section 51, the decode key KE enciphered with that public key is stored in the authentication data storage section 52, and the enciphered data are stored in the decode section 61. The verification/decoder circuit then generates a random number in its internal random-number generation section, memorizes it in the random-number storage section 54, and calculates the transmit data C in the transmit data count section according to formula 15.

[0170] The transmit data C calculated in this way are transmitted to the certification program together with the modulus n.

[0171] The operations of the 1st operation part 73 and the certification data generation section 76 of the certification program are performed by a microcomputer, and the access ticket is memorized in an EPROM (erasable programmable read only memory) or the like. The 1st operation part 73 chooses from the access ticket storage section 72 the access ticket t and the use control information L corresponding to the RSA modulus n received by the authentication data receive section 71, and performs formula 16 on the data for authentication to obtain the middle information R'.

[0172] The token has the user proper information storage section 74 and the 2nd operation part 75, and further holds a prepaid count and token time-of-day data. On receiving the data for authentication and the use control information L from the microcomputer, the token verifies whether the expiration date in the use control information contradicts the token time of day. That is, verification is considered successful when use start time <= token time-of-day <= use end time holds. If the expiration date is verified successfully, the token checks that its remaining prepaid count is not less than the use tariff within the use control information L, and if so, the use tariff in the use control information L is subtracted from the prepaid count of the token. When verification of the expiration date fails, or when the prepaid count is insufficient, the token does not process the request but returns an error. When the above verification is successful, the token performs formula 22 and acquires the difference information S.
[0173]

[Equation 22]

(22) S = C^F(n, e, L) mod n

The certification data generation section 75 of the certification program acquires the middle information R' and the difference information S from the 1st and 2nd operation parts 73 and 75, calculates formula 18, and obtains the certification data R. The certification data R thus obtained are transmitted to the certification data receive section 57 of the verification/decoder circuit.
[0174] The random-number effectiveness removal section 58 of the verification routine 15 acquires the certification data R received by the data receive section 57, calculates formula 19 with the random number r memorized in the random-number storage section 54, and obtains the decode key K. Here, when the use control information L used by the token has been altered, the correct decode key cannot be recovered. Redundancy may be given to K here: by assigning a specific value to the redundant part, the verification section 59 can verify whether the decode key K was correctly decoded. The obtained decode key K is inputted into the decode section 61, which decodes the enciphered data using the decode key K and outputs them as contents.

[0175] The outputted contents are used on a PC as digital data, or are used as image information or audio information.
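The protocol of example 5 ([0155] to [0162]) and its example 6 variant with use control information L ([0169] to [0174]), as an added worked example in Python. This code is not part of the patent and does not come from its applicant; it assumes SHA-256 as the one-way hash h, two small Mersenne primes as a toy RSA modulus, the access ticket difference D - F reduced modulo phi(n) so that t is a positive exponent, a fixed 32-bit field as the redundancy in K, and all function and variable names are this example's own. The demo also exercises the failure modes example 6 describes (altered L, use term expired, prepaid count insufficient) and a token holding the wrong user proper information, all of which the verification section rejects through the redundancy check or the token's error return.

```python
import hashlib
import secrets
from dataclasses import dataclass
from math import gcd

# RSA parameters of the content provider (constructed). Mersenne primes are used
# only because their primality is easy to check by hand; never use them for real keys.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N = P * Q                        # RSA modulus n, published together with E
PHI = (P - 1) * (Q - 1)
E = 65537                        # public exponent E
D = pow(E, -1, PHI)              # private exponent D, held by the provider only

def h(*parts):
    """One-way hash h(x|y|z): SHA-256 over a length-prefixed concatenation,
    so that h(ab|c) and h(a|bc) differ."""
    m = hashlib.sha256()
    for part in parts:
        b = str(part).encode()
        m.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(m.digest(), "big")

def make_access_ticket(e, L=None):
    """Formula 14 / 20: t = D - F(n, e[, L]) with F = h(n|e[|L]). The difference
    is reduced mod phi(n) (this example's assumption) so that t is a positive
    exponent; C^(t + F) mod n is unchanged by that reduction."""
    F = h(N, e) if L is None else h(N, e, L)
    return (D - F) % PHI

# Redundancy in the decode key ([0162]/[0174]): the low 32 bits of K are a fixed
# pattern, so the verification section can reject a wrongly recovered K.
REDUNDANCY = 0xA55A5A5A

def wrap_key(material):
    return (material << 32) | REDUNDANCY

def check_redundancy(K):
    return K & 0xFFFFFFFF == REDUNDANCY

@dataclass
class Token:
    e: int            # user proper information, never leaves the token
    clock: int        # token time-of-day (example 6)
    prepaid: int = 0  # prepaid count (example 6)

    def second_operation(self, C, L=None):
        """Formula 17 (example 5) or 22 (example 6): S = C^F(n,e[,L]) mod n.
        In example 6 the use term and the prepaid count are checked first."""
        if L is None:
            return pow(C, h(N, self.e), N)
        start, end, tariff = L
        if not (start <= self.clock <= end):
            return None                  # outside the use term: error returned
        if self.prepaid < tariff:
            return None                  # prepaid count insufficient: error
        self.prepaid -= tariff           # tariff subtracted from the count
        return pow(C, h(N, self.e, L), N)

def certification_program(C, t, token, L=None):
    """Certification program side: formulas 16, 17/22 and 18."""
    R_prime = pow(C, t, N)               # (16) R' = C^t mod n
    S = token.second_operation(C, L)     # (17)/(22) S from the token
    if S is None:
        return None
    return (R_prime * S) % N             # (18) R = R'S mod n

def verification_routine(K_E, t, token, L=None):
    """Verifier side: formula 5, exchange with the certification program,
    formula 19, then the redundancy check of the verification section."""
    while True:                          # random r that is invertible mod n
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    C = (pow(r, E, N) * K_E) % N         # (5) C = r^E K_E mod n
    R = certification_program(C, t, token, L)
    if R is None:
        return None
    K = (R * pow(r, -1, N)) % N          # (19) K = R r^-1 mod n
    return K if check_redundancy(K) else None

def demo():
    """Example 5, example 6, and the example 6 failure modes."""
    K = wrap_key(0x7C3D1E2F)             # constructed decode key K
    K_E = pow(K, E, N)                   # K enciphered with (E, n): contents header
    e = 0x1234ABCD                       # constructed user proper information
    L = (20240101, 20241231, 3)          # constructed (use start, use end, tariff)
    t5 = make_access_ticket(e)           # example 5 ticket
    t6 = make_access_ticket(e, L)        # example 6 ticket, bound to L
    tok = Token(e, clock=20240615, prepaid=5)
    return {
        "ex5_ok": verification_routine(K_E, t5, tok) == K,
        "ex6_ok": verification_routine(K_E, t6, tok, L) == K,
        "prepaid_left": tok.prepaid,     # 5 - 3 after the example 6 run
        "altered_L": verification_routine(K_E, t6, Token(e, 20240615, 5),
                                          (20240101, 20991231, 3)),
        "expired": verification_routine(K_E, t6, Token(e, 20250101, 5), L),
        "no_credit": verification_routine(K_E, t6, Token(e, 20240615, 1), L),
        "wrong_user": verification_routine(K_E, t6, Token(0xDEAD, 20240615, 5), L),
    }
```

Because R = R'S = C^(t + F) and t + F is congruent to D modulo phi(n), R equals C^D = rK mod n, and the verifier removes its own r by formula 19. The exponent D never appears on the user side: the certification program sees only t, the token only F(n, e[, L]), and a token that uses a different e or an altered L produces a key whose redundancy field does not match, which is exactly the binding [0174] relies on.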

[0176] In this example the token is given a time of day; since an IC card has no internal clock, the correctness of the token time of day must be guaranteed.
[0177] In this way, although the contents of one channel are enciphered with the same cryptographic key, a user cannot use the access ticket unless the token time is within the expiration date in the use control information, so it is also possible to set up the right of use for each time period and to realize functions such as pay-per-view.

[0178] In addition, this invention is not limited to the above examples; the contents can be used through various recording media, communication media, and broadcast media. It is applicable when communication media and broadcast media other than the Internet and the satellite broadcasting service are used; for example, it is also applicable to the offering of an online karaoke service over the ordinary telephone network, a data communication network, or a TCP/IP connection.






DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] It is a block diagram showing the theoretical example of a configuration of this invention.
[Drawing 2] It is a block diagram showing the outline of an example of a configuration of example 1.
[Drawing 3] It is a schematic diagram of the computer used by the user of example 1.
[Drawing 4] It is a detailed block diagram of an example of a configuration of example 1.
[Drawing 5] It is the first example of a configuration of the enciphered contents of example 1.
[Drawing 6] It is the second example of a configuration of the enciphered contents of example 1.
[Drawing 7] It is the third example of a configuration of the enciphered contents of example 1.
[Drawing 8] It is an example of a configuration of the processing in the verification section of example 1.
[Drawing 9] It is an example of a configuration of the processing in the verification section of example 1.
[Drawing 10] It is an example of a configuration of the processing in the verification section of example 1.
[Drawing 11] It is an example of a configuration of the processing in the verification section of example 1.
[Drawing 12] It is a detailed block diagram of an example of a configuration of example 2.
[Drawing 13] It is a detailed block diagram of an example of a configuration of example 3.
[Drawing 14] It is a detailed block diagram of an example of a configuration of example 4.
[Drawing 15] It is a schematic diagram of example 5.
[Drawing 16] It is a block diagram of the contents encapsulated in example 5.
[Drawing 17] It is a detailed block diagram of an example of a configuration of example 5.
[Drawing 18] It is a detailed block diagram of an example of a configuration of example 5.
[Drawing 19] It is a drawing of an example of a configuration of example 5.
[Drawing 20] It is a block diagram of the use control information of example 6.
[Drawing 21] It is a detailed block diagram of an example of a configuration of example 6.
[Description of Notations]

10 Certification Data Verification Equipment

11 Certification Data Generation Equipment

12 Access Ticket Generation Equipment

13 Access Ticket (Auxiliary Data for Certification)

14 The Description Information on Access Rating Authentication

15 Verification Routine

16 User Proper Information

17 Certification Data Generator

18 Data for Authentication

19 Certification Data

20 Tamper-proof Equipment

30 Computer

31 Internet Browser

32 Program for Certification

33 Token

34 Contents

35 Decode Program

38 Plug-in (Plug-in Module)
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[0 0 4 2] *%9£©llffi$J 1 'f y#-*7 b7* 
571f (Netscape Navigator -tRH 

Iflf-^»-fyi 5 fc(#t7n?7A3 5 
fc*HHbl/r7??>f y (P 1 u g - I n) t^a- 

mt%V7YVx.77v772±mU 
a-tffcSr L^f- * * -T 7©#Jffl b t S £ 

-fy*-*v b757WJ-#-bLTW3: 
^T-2^7©tfB£^-^frP,§ttlK3i:, -0* 

b^^m tof-**^ ^KBnaft^Bn 
■avB^y-f^ftSi/rn-FU surra, cnic 

[0 0 4 3] #f|j®0J©ii£©^U^T-*#^7fc{* 

7->wm€ftsnrc3yr^3 4*-9--/^5Sw 

ffiSfc. ^y^-^-y b7"7^-tfW^b^n/cnyr 

y l 5 1 cfc t) ^II^/S* b /c^^(c aa^y n 9v k 3 

[0 0 4 4] ffl&T-*&$2kW&. um^vfyh 
32 t Y-ty 3 3 tT«^n§„ S8BEffl/a^7^ 
3 2tt7^-tX^<y b 1 3 lffl&.T-*£.l$tfv97 
AA3 6^t?V7b'>x77°n^AT$D^ 3.-+f 

o^-vt;vnyt°a-^ (pc) l^iljitt^o b- 

7^3 3ttBiEr-*^^a^vAB 3 7 
#1flSl6t%^ ^n-^cjc^rt^mi©^^ 

[0 0 4 5] Sfe, a-tftttMBi-ifB^IWIKfti 
B#«4*6ns. cn7u?7l*l&, 7^7V 
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fco, zL-*m%mi \ 6t7m^7M 3## 
wmtmmmmT-z 4 5 £©n- 
/ciiit «fc o a-? swum 1 6 awapEsa-r s * m 

7n?vAB 3 7«MlH»#>v^-F^x7rt£l&J6 
fll*-* KS-CfSWSftfc I C f-7 73: HtffSfMTl 10 
fi?Efl^J§£H\ #^¥0 8-2 8 4 4 7 5*§<D THf^ 

[0 0 4 6] !P^r-^»l/-^> 1 5<OfttB*«"F 

[0047] i . wmf-mu^-^y 1 5 *e«, 

gM?5^£r-2 Mfflr-2 4 2) fcJHflSft* 

iHBr-* we) *m*nTv^«o beet-** 20 

II;l/-^yi 5tt, Mffi&Mr-**lKt)lilLT3.-tf 
Egff U a-lf^6Sfl|*S^5o #i^T\ a— tf 

^5,©Hr-^iiMia^ffli;^t«?tT, mm- 

yW3 4*«flT, 3-^EfiJ/Ml£MlT3 
[0 0 4 8] 2. OTJr-^OTM'-f- y 1 5* 

mZ&mZo ^X\ 3-^5<DM{8t-*E- 
#l&ttH»*ffiLfcfc*, MIBJHfSflfcJtRLT, S« 
tfH&Lfci§£E«*l7n?7i»3 5t«tom^ksn 

[0 0 4 9] ±1H 1 , 2 0fffflE43VT, 3IfeT-*tf 
5 Lfcl§£E &, 7 * -t X«MiE©»lf 

/c^e 7 * -b x js*aaiEo«pait«tia*» t * 

[0 0 5 0] 3. M-r-^^E^-^y 1 5*Ktt, 
;l/-f-yi 5tt, WB3aSlir-**«0abTa-1fK: 
T-#ZWmtLT, S#7u?7A3 5lc,J:»>HI*l 

ft«jtrt? 3 y r y ^ mm 3 c 

[0 0 5 1] 4. M.W^-Z&Wl'-^y 1 5*E«, 50 
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y l 5 «, HufB^iir- ^UfJttiL TS»H 

[0 0 5 2] 5. !IBJ3r-^IE;l/-^y 1 5«, 8g*i 
fcsnfe 3 yf y y EfcfeS Lfcjljf r- £ 5 . 
COS^ j£Mr-2«Bi^t£ftfc3yryy©^E 
HA2ftT^TtJ;i\ iOTr- £$11/1/-^ yi 5 
gWR?fcMiE^r-*£a-1fEBiIU 3.- 

3 4ft*3l,T, 3-^Efmt£&tttlT3y 
[0 0 5 3] 6. IP^r-^^!£;l/-^y 1 5fct, RB# 

aA2ftT^T*><fcV\ tHBr-*MI;l/-^yi 5 

mm?- mm$m%*m <o m^itmm 

yryy 3 4i&*#uTs ^-mcmmmmmx-a 
yT-yyzm&tZo 

[0 0 5 4] ±E37bS6 0fffflEfeV>T, lllr-^ 

ftfc3yryy3 4ttiEb<«4i;£J-u a-tf'ttiny 
[o o 5 5] st, mm?i&<rcmimmx 

tt, 3-ifHWfflS (a-if©jg|E» tf7*-feXS8 
^1/-^ y 7 ^ -fe XS«E©1f Vm ffi t EWr- 

^^fiE;i/-^y^p,^i$n/cT-^fc^A^bT, £ 

{B7-*£H-H75o 
[0 0 5 6] cnE>ftt*^cDWi, 

is 1 6 trttxmmmmm 1 4 ^swc® 
^AA t B»a— tfstfi! is 1 6 mmr-mwv 

V 1 3^ktst LXMliT-t mWr-Z) 

4 5mm%o z.mmmyfDm.m-Do 

[0 0 5 7] 1. 7m^yH3B«Fg©a-1f 
ilt'ifg 1 6 fc7^-bX««iE©#»fg 1 4 J: Eg 

2. a— IfHttffil 6*»6-ffc7^-feX^v h 1 

3 *^ , 7 * -b xa«giiEoi#aifffi 1 4 mmt % c 
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3 . mWr-tmyu ffvhk t B «, a-if Hfcfit 
ffil 6t7^-kX^7 b 1 3 t^mLl/«^b^cD 
i§£, BP^ a-if0t1^Bl 6 t7<?W?*y b 1 
3 fcOEUSB#£fc#tf ArtSftfc«£fc:ISoT, E 

[0 0 5 8] fiUfciO, a— »fH:*6fri;«>a— 

■bXjS«EBEOl#atf « t fcfSlirmSt* c fcT\ IE 
a«:WPJ*tt«3L-»fK:o*3L-*fHWfi!a l 6 tit 

[0 0 5 9] £fc, a-tfBtf ffll 6*ro00£1f 
SfrBftSfcOfcU 79*Zf-try b l 3 0ffrtEB 

a-ifHWH?Sl 6*»Bttt^7fc 
U &Ma*&H0£flH8fcLT7*-feX?*y bfM 

3 rtfc&AUTfc< co#&t47* 
b 1 3*7**7K8^©ftfMlHB 1 4 i: 

[0060] at «fc 'ommmmc-o^xmmmm 

3 1 t77?'fy3 8£mRl7a77J»32l*, a- 
-tf0ffl^5fW»3O (PCS5Wi7-^f->3 
» ±OV7b^x77 p a^vAttT^-r5<:fc^ 
5. h-^>3 3tO^TtIil^CV7h^x7y 

-^y3 3 (ic*-h\ PCrt-K, #-Ft» £0f 

ffltSOtflSL^, COB, IC*-FO«fe5*«?ff 

tt*wi-5A- F^x7^fflv^n«\ a— «f*<«aop 

C & 5 l^i 7- * Xr-5> a y±TffiW- 5 « £fc«*J 
[0 0 6 1] h75*1f 3 lTfiJffltSBI 

^ft^ftfc 3yf>734d < * 7 b 7-^ c d - r 

OM, DVD, 7UyV-T4X9$<Dmm*m^ 

[0 0 6 2] h7y*Vtoe>m% 
it$ titt 3 yf y y tf>?OT *B*t 5 £ , -Y y # -* 7 

HT, *0T-*2^7fc88a#tt5ftT^577?V 
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[0 0 6 3] ^TW^t 
ft tTa-lfBK*fT lr\ IMtf IE L < m Ufc«£fc 

m?Ts mzyTyycom^zmitZc 
[0064] a-vm&HkttiitxyTyy 3 4«iu 

^7b (IPJMftfiffR) fcUHfrs&gtfi&S. a- 
•ifttHlMEP Cfe5i/Hi7-^Xr-^a y_k^yx b 

f-7-7 b^SSta k k fee, ffl*fcfa-if0*rfiHBtf 
I C ft- Kfci*A£ftTV3ii£Ktt, I C ts- F£M 

[0 0 6 5] tOTr-^/C/P^AAte, SEEr- 

n&f&Tnirjkn trnvx, zL-vmim 1 6 1 

7t-tX?>rv b 1 3 fcKS^^TlW*ffV\ 
gEg^VT77^y*©4£tiE7W7A 1 5 fclft 

[0 0 6 6] litOiSH, mivVvL 1 5 KiSIB 

bfc, Bt^k*nfc3yry^t©3^Et<*tJSL 
T^*«^fcH*. a-if@WtSS*5^tt7f*^f- 

[oo6 7] Tt^wrv umfe<»3--*fmcm 

©a— ifoa-ifi*1IHH*MSeffl*n«. 7^^x^^ 

7 bs«}c^ffl$n§a-^@t'i ewt*-* 

n ^ 5 At J: o T^ffl $ ft 5 milEa-if @ W1f f I 

[0 0 6 8] tit, 7^-bX^7btt, #^©7^-tr 
XjWSBSEO^aif fg£S-3VT£/££ ft, ttlE^D y 

7^ 1 5&c<D79**mm<ommzmtz 

£5tt%mmtt)m^cm<.Lx^%frorci§£ 
[oo6 9] 7t-bz?>rv b«, znm+ft%%£ 

mmx^ZCtfrhs *yb7-^%^bTSBJMt 

[0 0 7 0] 1. 7^-bX^7 btt!E*ST?*D, 7 
**X^Vy btffgfT^ftfca-^A (ESSfca, 7 
^-tX^7b^B#tffl^e.ft/ca— lfHW1S«0« 
Rf#) /£tt^7^-trX^7 b^ffl^TMr-^i 

X^7b^iEti:#fcAft/ctLTfe, 
7*-feX7-^7 K0«fTftT?«SiBfioa-lfia#1II« 
*¥KAftftV«!)» c©7^-bXf-^7b*fiJffl-r5 

[0 0 7 1] 2. 7^-feX^7 bttsetKffiag^ 



(10) 
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[0 0 7 2] Hffi$J 1 7Z*'7& t rv h t 
S 1 fcg^T&SSftSr-*?**. 
[0 0 7 3] 
[ftl] 

(1) t=D-e + co<D (n) 10 
SA (Rivest-Shamir-Adelman) 

S», W6t»**«:r:oo3is»p, q0«?a&5 (n 

= pq) . 0 (n) (4nO*-f5-», HP'S, p-1 t 

q-10«|Tf*S (* (n) = (p-1) (q- 

1) ) o etta-tfHtfllfflfcSU a-tfSfcgft* 

fry hS5SHt-^b^7^-bX«^IiE©»i^^ 
U iSRnOfefcTORSAaBWnfftt), S2*»fe 
to 20 
[0 0 7 4] 

[»2] (2) gcd (D, 0 (n) ) =1 

gcd (x, y) (irgu, y©l?^,ftjR% 

gfc a (2) tc^rmztizma. 

[0 0 7 5] 

[S3] (3) ED mod 0 (n) =1 

[0 0 7 6] a>tt, n*.fctfefctt#l/0£tSBn*fc 
nSS^tteOl^f'ftfr-StfgfcSif^ 30 

[0 0 7 7] 

[»4] (4) <o = h (n | e) 

[0 0 7 8] -^ttAyS/alBSfctt, h (x) =h 
(y) fciRfc-ffflg&Sx, y£mtiT3Cfc^L< 

">ii8ft©{aji: LT\ RSA Data Securi 40 
ty I n c. K«fc§MD2, MD4, MD5, 
*S3i»SJffK:*5S«SHS (S ecu r e Has 
h Standard) WtlTM. 
[0 0 7 9] ±EOKW*KSnfe»fc*V^T, t , E 
fe«ttfntt»M5rfll1?fe0, SDOD, e, a», p, q 
*±tf# (n) ttf-*yb*ftjB*5«PJ****#W 

[0 0 8 0] H3fC, a-ifjWI^§tHS» (PC&3 
^(i7-^Xr-^ay) ©ttl&Hfc**. 0 3tfe^ 

m 3.-ym^%mmoic, *-ku-^3 9 50 
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tfiSSISftTfcO, a— «ftt*-KU-^3 9 tc h- fr 
y3 3^JfALT|iJffltl)o -Ty*-*>y h777if 3 
U TvfrVy, tim^ufyLtt, tfH$l3 0±© 

7^-kX^fr-y hfcftff«t3 0©!B«Ml£ftT 

©^©lifrefe'X JE3ftb-fryi:iE3ft7fr"fe:*?- 

[00 8 1] H4^#MLT$P)t||ffi0lJlKO^Tf¥ 

yi scttfc-rsfcott, 7^-bx^7M«iBli 

»5 K MIt-#!B1I05 5 2, gU&3S£95 5 3, SLS 
1311055 4, mtT~* &*]sy*S) H-S05 5 5, r 
-*#Kft5 6, !Wr-*§ll955 7, SLftJSbllBfcS 
g|55 8. feitf«MBEai5 5 9 f:7?*/asn, t^Pfr? 

h3 5 a N tl^/g/Ts95 6 i Kfcfe&ts,, c©#ij-e«$ 

tf, ^g^UT^frPfrvA£»W-f-y£fff£ 

«*Ttj:v\ tits um?v?7i*3 2&. mm 

T-*m®l K 7*-trX?-fr>y MBHS57 2, SI 
MM! 7 3 j3±tfEWr-*&a»7 6 fc-tfftSStu 
*y3 3«n— tfB«HHHeW97 4feJ:tffg2iSi 

s»7 sfc-cfl&ssft*. 

[0 0 8 2] *fc, ftftKO^TKWt*. VCFOmW 

[0 0 8 3] [Xt77°1] :a-tfrfMy*-*y h 
7 7 fr if e. ts ftfc n y r y y ©ipjffl t § 
y*-*y h77<7Wg^fc£ftfc3yryy 

nx^z-fyp'rymLxu-Fu isij-r^o a* 
ts^^y^jgfttsfc, fr^fr^y*©^^- 
^yi 5tf£$±tf«„ z<Di%£<Day7-yv mz.- 
y*-%vh-77v If *1 L T ¥ Uffl 1 5 «fc o ft fe 

IB, /W/^-K+a^yhft^) -efcofeD, Java 

[0 0 8 4] [ZT77°2] : 7°7^Vy©^tiE;l/-^ 

yi 5fi, r-*»«a5k:*v^TiB^ksnfe3yry 
M^7^^7F«(E, n) fcBSEr-* 
K 1 -m D ttJ ^n^ti7 ^ -bX^ y h ^6S«HB1g 

gi5 5 1 mm.r-m'ms zwmtz, ::tb, 
nfcnyr yyt^BiLTBfljsnT^s tot LTSi 
Bg^jb$nfc3yry > ytj«bTv^Tfc ( t 

h7-^*3iUTA#T**5J:3li:LTt *^ 
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T^sotf^sK, sec, mmwf-m, a-v 

V\, 09*tf* KESEr-*tt, B|^kLT3>r>y© 

[0085] : *t, mm-ry 1 5 

H\ 5 3 r ££/SLa»Etta5 5 4 K 

fcttU 7^-feX^yF^H (E, n) tWM.T- 

^^xsnMLim^xw^T-^ (.f-vuy?) io 

C4S5fcfieoTtf»t«. 
[0 0 8 6] 

[85] (5) C=r E K E mod n 

?*\/yi?c trtizzf-r'y h&mmm (rsas 
wo mt, mr-z&imk&MztiZc cmtca 
a8 r tfastvt^sfcik iiioatsft^fiift 

•3, U7W7*'y**l8±*S&ll*#c>. 
[0 0 8 7] [Xf7 74] illffl^n^Am 
WfiE/l/-f-;/frSiS5ftfcf-+ l^C R S Aj£8n 
t»IfflT-*§l§StfT§fBU SEHHf-* 20 

SfB7^X^7 MBH8P7 2fr?>, R S AMn 
**HcLTttJS*57*'fea?-*'y h t*Btf#U R 
SASttnOfcfc-C, S6%MTt*PI«^gR , 

[0 0 8 8] 

C»6] (6) R' =C' mod n 
[XT y 7 5 ] : £ 2 MM 7 5 «, 3-+F0#lf IBIS 
tt»7 4 KiE*SnTV>5a-1fH#1tffie fcJRfiU 
a7*jWrtiSfMWBS*flS. 30 
[0 0 8 9] 

[87] (7) S = C e mod n 
[Xf7 76] :*LT, tErcT-*£/S3P7 6«3ll 
*S«fctf3l2i&|?a57 3, 7 5frP>Wlil6R' SJtfM 

#m s %!#t, s 8 omztt^mT-tRzm 

[0 0 9 0] 

[88] (8) R = R" S mod n 

mmT-*m, mi)^~Ty\mmn^ a 

[0 0 9 1] [Xf777] :ttiE;P-^>l 5©a» 40 

nm&m 5 8 lEWr-^sfflap 5 7 -est ucg 

UUT-*RfcIS1#U !§LaiH«fiP5 4fciBttSftTVS 
[0 0 9 2] 

[89] (9) K* =R r" mod n 
[Xr >y 7° 8 ] : ttSEii 5 9 Xlt, M!Ba8^^gP 
5 8T?!tSLfcK' tf7**XS«fBtE©#ai*ffl"?ifc 

ie l < r * -b mmmmm^ ira % d ta-^T 
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mtztiKT-tzmLxfrx, sEnmztisfr 
fticmmmttx&z, r ttzmfemm 

o X ^* H 9 frT-IUST 5 TJ&ft If *^ S. !£#©£ 
fficti, SIS^I S09 7 9 6ft£©#ffi*ffl^3t 

[0 0 9 3] [7f<y79] :®m5 9X<DmftX. 

[0 0 9 4] Uf-y7l0] 6 1H\ 

6 L remits nrc 3 y r y 7 LTg*t 

[0 0 9 5] CO±5fcbT, Eaft*PJ*tt*a- 

fc 3 y r yy ©*E? yffl m <* c t tfx t § . 
[0096] nmt-£tifc3>Tyy 

ti, 7^«^7F« (E, n) tmUT-$K 

1 t%{mLxmmti%$><DtLxmwLrc a z.m 
mtsnrcayT-yvmmm 5 t^t. 0 5 

Ki^W (E, n) fc, BiEr-*K'fc, Bg#fk*n 
[0 0 9 7] 3>ryy*{*f±»KT?B|^ftSnTfc 

gusjami»sa5«iuT»Ki&a7c-r5 c fe^m d 
©n k ^ffl v^t 3 y r y v*wm w 5 c t mmK 
ft§ 0 

[0 0 9 8] fi^ttJ&«fct)fl5J&5fei&Ett, BSEr-* 

k E ft3.—*fitc K$mv * ft ^ <fc 5 1 tifeiif n 

T^«CttfiSU\ t©^©-Sffi%, H6E^ 

t 0 06m H5fcnttKi, nwbjnfcayryy 

7^-bX^7h / A« (E, n) i:BiEr-*K 

3yry7*ftBtT*ft<, KIEr— ^ K E fc$?>tcBi 
§ftShT^5. H6T?tt, ISiEr-*K'tt»K,K«fc 

[0099] mi)\s-Ty<DT-zmmt, zwn^ 



(12) 



z l 1-3 1 13 0 



21 



22 



mmK r Kmt%'mMK f mwLTSsr> asm 

•trX^yFiM (E, n) Bg^ftSnfeBBEr 

fcj^lUKft*. 10 
[0 10 0] caii, n:/T>y##«iET-2ft 

^mt ixmLfct>\ c0*»*r s Aft^o&m 

[0 10 1] $fe, 3>r>7©gfe*«&*fiEe!l*H 

UT*-e^«I«T***OI4«Soy9^>^Tf 20 

>T >ti C ©3>r »TM! XftH^-T 5o 
[0 10 2] WTTtt, l fcfc^TttBLfcttB 
;P-^>oWE»K*tt*»I«!)«a«*H8~Hl l 

f-y©f©MI$5 9£O^T©}f$ft*LT^§o C 

Oft J±«gP 5 9 1 ^ffl&{I!E'Ig|5 5 9 2 £3 <fc ? ft 30 

8&Si:i/c*Lfc#, cntdset" ss^Fffiia«ffi 5 9 2 
ft mmm 5 9 ©wif«LTfc«^\ 

[0 10 3] (1) 8SEf5 5 9 ©«JS09© 1*188 fc* 
to C©«J«0mi, 818155 9 H\ M^It3ti^5 9 
2 fc, Jt«9P5 9 1 i^U fflfiffilB1US5 9 2KB 

i mm?-*. & % wmmT-z^micmm 
zm t rdisic &m t feEWr - * ^ 5 assail* 
iSLfeMf-^tfA^sn^o c©A#£n/M 40 

mktmm^5 9 n?jt«*5. j£r©*sh, Eat 

[0104] <:©*/£©«£, ffi#fii3it^5 9 2 tie 

ztizctn, mmxi*&?x^B!mx&%\,\ mn 

mmx&% t , ira 7 o 9vLo>mmm % m 
mmr&ctmmtM, Mtzuczzttr 50 



*-feXtfnJitgtft5o £©«fc 5 fcCfcfcK 

awiRi'Nos»^ffl!ftaits^'o-^ifiii4Ki»h 0 

ftffli^T, JH^HIEttap 5 9 2 fcSBHt SJfifSfcfc L 
T, Afc-£lRJttB§»h 0 &SSLTf#5ft5r-*h 
(A) fttBULTfct, ^KEgP 5 9 1 KA^SnfelEW 
r-*A" CftLT, -tffottHRh () ftSSLfcSSIS 
©r-*h (A* ) toM^R^^tWJ;^. 
c©±5t«lS-r«cii:-e, 7J- mftHIBtiffi 5 9 2 
tfBULTI/^JBmih (A) fc^SftfcfcLTfc. 
h (A) fre>timWt&C£lt%L<mmv%Z<D 

[0 10 5] (2) ^»5 9©*jS0!l©2&BI9fc* 
fo £©«J^Jm ttSEg|5 5 9fct ffl#flI2'igP5 9 

2 ^ jt«gp5 9 1 tmmsm5 9 3 tstu m 

tmm® 5 9 2 fcttEBHr-* £ LTfliftLT^SJW 
#{lAfttB'lUT^3o 8liE»5 9'\©A2lfctt, SEK 
To ffyhfr e> t fcHW r- * , $ 5 v> ttBBEr- 

- * 5 SU8S»m*l»S L fcEEB^r- * A£ S n § o 

ccD\tizftmwT~zh' t, ®mmwM5 9 2 
tmbx^zmmk tmmximt^ tt«© 

itecmmKm^x^mtT-tzmi, r- 

[0 10 6] fltiftffi -^fiittWRh 0 ft 

[0 10 7] (3) WEfl!5 90«A«|03«Hl 0IC 

^■To cmmxtt, mmmmicmm5 9 

r#iat2'lg|5 5 9 2 fc, Jt«95 5 9 1 tft^tS 

*\ ^#fifB^5 9 zummutLxmmK^E 

k' t, mmmti5 9 2\ztmLx^mmmt 
%jt«95 5 9 l-etbR-rs. Jteosa, iEit^s 

a^u r-^ft^i-5 0 

[0 10 8] (4) «Ea55 9©»jafll©4*Hl 1 fc 

^fo c<o«js«!n?tt, ttEE3P5 9tt, %mm®5 

9 4ftWLTV^o ttgE8l5 5 9^0A*Ktt, CT7°n 

* 5 a«« LfcfiEWr- * Art S ti§ 0 c © 
A^^n/feBEWr-* K ' ft^fift^ggP 5 9 4 T?«S 

ItHXtsZs K' A^OTtSttft^oTV^^ifd^ft 
«aEt«t©-p*5. 0fl*fcr, H^fe I S 0 9 7 9 6 
ftif©7?S%ffl^5Cfc!b^t5. 7l*tt^S^5 9 4 

T^stto^st^tsh, ji:fitt^saP5 9 4tta 
^/a^S6 ics^«k' ftiSL, m/ume i 
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[0109] [HflS09 2 ] o?(c*aifl®&M0l 2 tco 
g»l 1 fc±^T£jSSftfcEWr-*tfttiiEfflr-* 
r - * Tfc S C i: HUBr- * MM 1 0 0«|E;l/ 

;1/-^>1 5 t|^§7n^5A3 5fc£-{«tb?77 

[0 110] bfrb, &S09l0«fc3fc, ffiEH8r-*fr 
&ajHbS«Nl£L^Si«««^i2: LTffl^*ttT? 20 

a, 1 1 * o^snoiE3tt*¥ij£-r s&stift 

0, jE34«Mi-?«S«^lcl4, £b<**WSSjb 

T-9--1? x%affi-r 5 c tmmtt *) , iESftts*§§i 

[0 111] H»2?a, C0J;5K*8E950*^ffil 

t\^mw,m^t\ z<offlfo)r-?y\cwmm 30 
#&bftK osd, ffimm\,Tzfrz?mwfct 

h&Klii (E, n) t|»-^K E ^f9 

[0 1 1 2] 11 2 fi, ^tfl2©*jSffl**bfct>0 
•?a&3o E112a, H4fr51^fl5 9fcft<bfciJff 

?fet), **uwaH4 mmisx3b&a 40 
[0113] ftftfco^Tfc, HftflinfiWBbfeoi: 
BfcA,ffPUT&!>, [Xfyfl] ~ [Xfv77] 
aiBIb^H^f^o JUT, [Xf-y/8] WBtov^T 

[0 114] LZtV/S] : Xr77°7fCj;ti»l/ 

5 s Tfinibfc k • mmt hxm/m® 

6 1 'sSt. 

[0 115] [^r-y^g] :«#/S^i5 6 ltt, tt 
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JBl^TEIil§T-*fc£jSbfcfc£0#, S^HK' aiE 

bi/^ac&o, B&^b*nfen^r>v^]Eb<fi 
Offf , Hi^tftsnfc 3 yf y^aiEb < «#s*ft^ 

[0 116] [«IJ3] OtU#^©|»j3EO 

tvs„ o ©Hffi^iJ 3 atP£r-#iMij-e±fE t as 
(b) ^bmmmmmm. ®mwMc&L 

^•p^bTfeS. 01 3K*J^T, 8 lttSHNWEttffiP 

-f-y^toffi^bTi/^o 
[0117] ©^{k«nfc3>r>y<o*ifi{±, Bg^ft 

ffifigsnrfe 0 , mEr-**£tr£gtiftv\, 
[0 118] BffKo^TKWr*. WTO«W 

[0 119] [Xry/l] : a-9Wv*-*y h 
tvWto 5 nwft £ ft 3 y r y y ©f Offl SS^t § 

ft-nss^y-r^ftSbTn-Ku efrr«. *te 

■fw y 7 h / v si brf ijffl-r § * 5 * «. 

H, A-T/<-K*a^>hftH) -e*ofet), Java 
7^b<y H©£9ft7W7AT*fcofcf)-f 5o 
[0 120] [Zry^Z] •.•fyMVQVmr-f- 
y\ 5a, r-^SHMEte^TW^ffcSftfcsyry 

^^7?«W^« (E, n) fcfltttUU 
7^-feX^y-y M^«IB1tai5 5 1 fcfe^t^o 
[0 12 1] [Xr>yy3] : ^C, ^ll^-f-y 1 5 

a, m&m 5 3 nm r s^^bSL^!Bi«gi5 5 4 1 

ISttU SL^rSJMfr-^ (^+byy > ) CtbX, 

^uyz?ct7t*zf->rv h&rmm a s as 

ft) nfc*. SEH^r-^^iJE)Mtt-^o COS^, 
ft§aTT*fe5o 

[0 12 2] :ra§7n?5ATH\ 
*K;l^f-^53S6nfef'+ U>J?C t R S AS^n 
fc*BKfflr-*38ffl»Tf3MIU OTr-^ (bX,t° 
yX) R*WT©J:5fcbT4i«1-*. Sf, ^l^g 
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s*-ELT#is-r*7^-fex^y h t mmu r 

So 

[0 12 3] [7f775] :»2»0l*7 5tt, a- 

[0 12 4] [XT776] : *LT, IP^T-^^Jt 

<fc tf Mtffltffi S S 8 OlW*fT^IEIBr-* R 

m%o EWr-*Rtt, }£f»£il$tiSo 
[0 12 5] [Xf777] :«BE;l/-f->l 5 0ttK 

[0 12 6] 

[Si 0] (1 0) r' =R E mod n 

[0 127] [Xry78] :«^/a^»6 1l4, * 
m 5 9 6*^*K 5 , r-*#» 5 6 T 

#s l fcug ^ft$ n/i n > r w l xm t s „ 
3tf-sns«itf$src^ •s^mmh^ ■< 

[0128] ccfcSfc, WE/P-^yptta— iftfiE 

[0 12 9] ±|BS 1 *V^L»3»-fy© 
gB#fc77 h*x77 , P?7£T?i#?S«!l**Ufc 

^StS&gtf&So ^Q^&T^LT, tw* 

(1 2) F (x, 

nliRSAffiS, D«77-fe;W>y h-Mt> e«3 

[0 1 3 5] 01 iZfmLTZZKXm&VHc-O^T 

mattmt&o hi 4», sarcoid 4 

01 4©fem o£D7 

^^^teAtfttBE^^^initt, ^ssffii i ©04 m 
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So cftSoStBti, tt±Hii5 r^a^An-K© 

mMkEo^Tj , m^'ifsifi^Kffiw^^ ( i 

EICE Technical Report) f ffi-fe 
*al>Tf, I SEC 9 5-2 5 (1 9 9 5) 
StiT^S. tfc, V7M7X7»¥S«^K, 
-^y£ffi^7p^^£lo©/N-F7x7?1M 

0 x7 J f>PC*-KteJ:tf I C*-K^«JSt5<:f:3y 

a#/awaw<T* 1 oo^- f* x7-p*ww* c 

[0130] [ISM 4 ] OSffc *5&fl3<D£MU 4 KO 
^TlOTt So *^M-c"1i, flJfflSJflfiflllfcffl^fc* 

nmmm s m<Dwmm$> o , s fc?- e x * 

^l-S^MBll-SMffgTfet), 79*X?>r 

-y7fS<:t^i?f So cnW^tfcWJWflHHtH:, ft 
l^T, h— ^y*E^$nT^S3.-tf©ltttJtK 
[0 13 1] KTttt> »J»1S«i:tTfiJfflffllS*ffl^ 

10 ^So 

[0 13 2] *nmiT*&. 7^-bX^y h t tt&O 

si ncsovT^$nsr-^T-*s 0 

[0 133] 
[ftl 1] 

(11) t =D-F (n, e, L) 

u, y, z) aM»fii^«^Lk:<v^H 

8 SKIftlf » 0 , tffl * tffiijao-SlRltt/ n y a BBS h 

mmimi 3<o<J;5tSfeSi:fc^T'tSo 

[0 13 4] 
10 BR 12] 

, z) =h (x | y | z) 

CTfeSo 

[0 13 6] mmf U^yh3 2a, 8BfiEffl7*-^S 
fl»7 1, 7^-feX^yhCH»7 2, $ 1^*337 
3*±tf|EBB7 , -*4ja»7 6 tT'^Sti, h-?y 
3 3{i3-^@ttf8fB1tg|5 7 4, g2iRSi5 7 5fe«fc 

yfyffl»ifRWsa5 7 7 k7?«<ssn5. 

[0 13 7] 7?-irX5Hry HHttgP 7 2tt, R S AS 
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'If fg L ommfeU ¥iJ£©g!IIE U> W£ L tc t 
t©*, ?iJffl*0fflI1f«L%ffi2«g3P7 5fcS*o £52 
SCga?7 51?fi, *iJffl»tffPJ£^7 7A^fiJffl»l» 
1i!«L*i8Sftfc Si 3fcgoVTM#fc« 

S^fSU iEEr-*£j£3|57 6lc3&S. 

[0 13 8] 

[»1 3] 

(13) S = C f< "' L> mod n 10 

"D^-ctmt&o m#mmt Lxmmmm?t 

tfctt, fOT»lffBL©ffi&, «(fl 9 9 7 1 2 3 

i24oooj:?ftiiTft«o zcommm 

WBtfl 9 9 7^1 2^3 1B2 4 : OOSTfcV^C 

[0 13 9] h-^>*OflJfflWMlJ^7 7 {i, 

?«fflfW1B1f«LfcSfeOl^fc*JtlW-*. ?LTtt® 20 
©IBS, fllfflMWflMS L ©j@«t©f)im M&X&Z 
EU^WtU fiJfflW'lflSL^2^» 
$7 5 ^2?H»g|37 5?«\ 3pJfflW»1WHWS 

gP7 ifrzmmwmimztiittzQ^ si 3 

£SoVTi§#'tf*ES%ftS[U SEWr-*&R»7 6 

[0 1 4 0] l«J 1 fc^ttfc, SEIBt-*£jS 

f-yi 5©a«J»l&IKSa5 5 8'rtt, HWr-^Stg? 
5 7 X%{% UcfEBHr- * R U SLKIEttflS 5 4 30 

K' *#5. 

[0141] jEU^7*-feX^rv F t fc, iEU^t- 
tfftSftfcfctfclBoT, K' =K^J*0fi'B, «SE7l/ 

-f-yi 5©&!»£9iEU^©fj£^snT, 

tlTl/^7^-trX^7 F^ffifc? t LT, {5J#frtf> 
7^-bXf-^y HfB1fqP7 2£!S1I£ftTV^iJffl»P 
1t$8L£«HLfckLTfc, 7^trx^yM*#»[ 40 
tSCfctt^f av^ca6, IOTr-*M37 6T-S8 

[0 14 2] flJffl»ffgL^-ex©flJffl^TS§ 
fctfctt, «9AHWIfflSlfflIflfiBLOilfcbT, 1010 
0RO*»7\ 1 OOfcV^SFJ^ABftT^S. 

[0143] h-^y«, «*tf:/!W FoaffflWB 

SPJfflf&JfllSffiWSgP 7 7 {4, fiJfflWIifH L 7 U *4 
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[0144] tfe, mmm®<Dfrb<9^ 
mmmmzu f - * > *©f uffl»ifpj£ 
» 7 7 a, mmm l £©it« ttt> 

MB! 5KWt*5£lXt>£\<\ ^ 

[0 14 5] C©J;3fc, CC^LfcflJWfl-'Pfc, fij 
ffl»»J£$ 7 7 £ cfc 5 fUfflffiffifflRg LWi^ 
Lfc!iT"fOT»lf fg L £fg 2 igg^ 7 5 ESt J: 5 K 

flltf* a e: T\ * * 2f £ ftf yffl apjffli*ff 5 c fc im& 

[oi46] 5 ] "DgKtmnmm 5 to 
v^Tiiiwrs. mm5&, mmmmLxx-ft 
Mttixrc^yryvm\%Lx, v-vzmmz 

5 C i ^Jit. H l 5 fciffilSBMfcfiJffl XS 

vmmmzmmhx, iftiBflisns. 3.- 
^^m^fjS7yr^-egjibSiiai 0 OKA 

[0 14 7] ccTHttSnsayr^ytt, WiB, S 

ttSflft 1 0 OE88K£ftfcr Uli ' t'f* 2 0 0,^- 
-rV«t§3 0 0, 3ytf;i-# (PC) 4 0 0#f 

?ijffl$n§o cc-zfti, Sif«i oofc-9--trxfijfflS 

[0 14 8] *^-b;Wfc«nfe3yr>yo«Ji*Hl 
7 3 y r > y ©■ffl'J*1" 5 k &n 

« (e, n) is^m\ttnmm^MLx^o 
mitt tiftr- z mmcommxmitntirz a y 

[0 l 4 9] HI 7ttHl 5KfeltSSfl«l 0 0©* 

«*JWWSfc*Lfcfl-e**. oooftniKtt 

§ 0 iI7yrt^50Miftt» SfSfiMIl 0 0 

Of-a-t l 0 l tA^Sn^c ^a-t l 0 l 

i l 0 0 o^*;l/% L < tt V ta>t <fe 0 3- WSR 
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7fcLTfi7tU r-^'3>hD-;l/0KlO3EX 
^tSo r-2 • 3>ho-;l/H»l 0 3m 3>r 

;H:HSiJU ayfyyhWWtinx^rj:^^ 
ftTi^SS^fcS, nyryy%1ME/«^[HS8l 0 4 

tx^ts. *he/«*§hi»io4t?w\ ;:nti?©^ 

tfnJtTOS#\ Hffi$j5m giJ©££**LTpM 10 

tSo co^ffiosaiKov^TttHi 8*#jaLTi«w 

1 0 5ZftLX\?T*T3-?l 0 6f feB*-^ * 
r a-# 1 0 7 O^ftTft^tSfH^fc LTfiJffl« 

[0 15 0] HI 8K, MIJ5©&tiE^JI (7nb3 

[0151] mmW5lcm%7ttz?-'rv h tttS 
1 4ES^T&a«n*r-*-p**. 20 
[0 15 2] 

[Si 4] (1 4) t =D— F (n, e) 

±S*OE^ttt^TS»T*D, WT*S*. (MM 

m 1 os#n) 

nttRSASR, W5-Hfc*:£ano©*Sp, q©» 
T'&S (n = pq) o « (n) ttnO*-l'9-», SP 
5, p-lfcq-l©arC&S (* (n) = (p-1) 
(q-1) ) . eaa-tf'@#ifg§gL> a-^WfC 

■bX^vHHWi*aU SSnOtfc-eORSAlB 30 
Bitt?*!), S2«»fct. CCTf, gcd (x, y) 
fctr»x, y 

[0153]S (2) K*oT^S?n«ttStt, ^3 
[0 15 4] r^SMSF (x, y) 
§0 

[0 15 5] 40 
[SI 5] 

(1 5) F (x, y) =h (x I y) 

ttTBfcffli^T, mmsmmmmtZo mi ik 
mmu/mm 1 0 4 as 1 8 -m 3 8 -mum. 

So 8ME/«#llB3 8mWl<-?-y 1 5 fc«^g|56 
ltA^ftt), ASIC (appl ication s 
pecificintegrated circui 
t) t»T?££S*l*tfcT, a^OSfSfiffl^ttlEyl/- 

^yoe^ttffffKSn*. fcts3A4ftSE/a*fll»3 

8 £V7 b 7x77p ^7 ATMf § C t nftM 50 
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3„ Sfc, «t»)g^1t*fl5«)5fc«)£, fu^L/cB^ 

fc* 7** ;Wt? nfe nyfyy £r- 5 6 ? 3 
>f7^7 ^m^ts ftfcr-* kfcftKU an 

ft (E, n) £7*-feX^ry b&M»E1!8P5 He, 
Pf^b$nfc^HK E ^IIr-^!S1ig|55 2t, Bf 

SLS!BtIg|5 5 4 KE*-r5-ST?, jMMr-^ttSgPfc 

turrso 

[0 15 6] CO^KLXmbrcsmr-i'Cit, 

[0 15 7] M7P^7iOl 1 m&7 3fe«fctm 

tT^ft, 7^-bX^>y MiEPROM (e r a s a b 
leprogra mm able read only 
memory) SfcfBttStnVS. 8!ET-*tt8M 

*7*-tzX**v r- 1 fcSftU KIEr-^Sf «57 1 
fr&aHfl^fcRSAffiftnOti:-^ Si 6*SSfft 
fNfflWBR' £tfSo 

[0 15 8] 

[Si 6] 

(16) R' =C l mod n 
E*8P7 4fcJ:ira2iaSSP7 5£WU T^nny 

[0 159] 
[Si 7] 

(17) S = C F "" e> mod n 
iPJ!7n?7A©tPJ3r-2£$35 7 5tt8l 

*5«fctf!B2S[i¥gP7 3, 7 5frP>>mfPRR' 
tfflWgSfcflT, SI 8 0fW*fTl>iMBT-*R**l 

So 

[0160] 

[Equation 18] (18) $R = R' S \bmod n$ 

[oi6i] mtfr-f-y 1 5oaBadsi»sai5 5 8 

ti, r-^StgP 5 7 ■eafflLfeEHr-* R 
U ajSE«»5 4KHt«nT^*a«r kKiD, 
Si 9©ff**fTlM*^K*1#*. 
[0162] 

[Equation 19] (19) $K = R \, r' \bmod n$ 
[0163] mti^nrcayfyyit, tV2)W-z 
t ltp c n$m ztircis mum**-?* *m 

[o i e 4] m 1 9K, *mm<ov-\>zffltm<D 
tuna***, sk*** s K^-exa^swiri/ 

oW*. 019 (a) fcaWiSfc, 3>rW!W* 

^fcsnT^snstt h- ^y^-e^M^HS^ 
Tit-exii^aiiEh-f^ffAtai:, 119 

(b) fc^TJ:5lc8M»fta*!:k*«i?**J:5li:4 
[0 16 5] coj;St, ♦JSPTCtt, 3>rW*l 

-i?mm*mirc h-^ym^L^t^- 

Tavf^oywW^ «#) tt, 3>fy7% 

«t««:l:*«priiT*»), 7^-bX^-5r«yhi:h 
-tvtK&t) a-1f c: k o«^*ipJfflffa*tf 5 c k 

[0166] [£ffi0lj 6 ] Offfc#5S!IJ©£flS0IJ 6 (CO 

h £S 2 0 -psst 5 £ k -cms na „ 

[0167] 

[Equation 20] (20) $t = D - F(n, e, L)$ 

CCT, Ltt¥iJfflSJfflHtffit?*t), 5pJffl«Blfi*St. H 
gftlflSF (x, y, z) l4Ha«jWK5UC<^=« 

[0168] 
[Equation 21] 

(21) $F(x, y, z) = h(x \,|\, y \,|\, z)$ 

02 o\cmmim<omm^to m^ttm 
*>ftv^tttWt5<:i:*^f 5. 02 ltfijfflfBU 

[0 1 6 9] &rf, mm^xmm 6 mmmwt 

%o m/mmT*li, r-* • ny h-n-;l«J; 
• U (E, n) *7*fcX^vh&W»aait 

10 5 2 #mt&tifcT-#&mm 1 Kznzm 

*mnwc»v^T3asfir-# c #s 1 5 fcgovTtw 
t*. 

[0 17 0] COi^KLTW-fiCbfcMl^r-^Ctt, 

[0171] aPBTW^AOli 1 iftSa5 7 3fccfctMI 

fr£ft, 70-feXf-frv M1EPROM (erasable programmable read only memory) SfcEMSftT^S. «SEr-*l4»a 
LfcnfcgK^-feX^-y h«giS7 2frB, ftJSt 
57*-feX^>y h- t fc*Jfflffl»1lBRL*ajRU RIE 
r-*gflg|57 l*«6»H-«ofcRSAtt»nOt.i: 

[0 17 2] h-^yfi, a— tfH*flNR|B1ia57 4, 

tym\T-Z%mhT^%<> h-?yii, v^nn 

y e a - if & h wm t- * t mmmm utsm 

y mwmwwm l « of yfflg»w±a^ t 
fflii?j«iifffiLrto¥ijfflg»»«ast5o t'»soit 
rx7-«5g-r. ±iBo«aE^<s*bfc*^tt, S22 

[0173] 
[Equation 22] 

(22) $S = C^{F(n, e, L)} \bmod n$ 

**tf«2t«Sa57 3, 7 5^F»*P^[fSR' fccttfM 
»HffiS*#T, Si 8©fUH*fTV«l|3r-*R*ff 
5o COi^KUTflSnfelEllir-^RH:, «SE/« 

[0174] Mi^-f-y 1 5©a»s&si»sw5 8 

tt, r-^Stffi 5 7 T*»t LfeHHr-* R ^tf 
50 U a*ie«gP5 4KgB1i«nT^Saftri:»!:«J:0, 
Si 9 0ttS£fiV>«^»K*#S. CCTf, fcbh- 

<l^> k #ie l < g^snft <p h 5 ^*«@e 

BP5 9T?!ftiiE-r5«J:5CbTtJ:l/\ i#&tife*#»K 

<TSo 

[0 17 5] HtfjSftfc3>r:/ytt, tVZiW-* 

tLXPcmmntcK), w>m**-T4*m 

[0 17 6] h-f >Kl^iJ*^fe€ 

t^s#\ i cti-Fm^ziis&mmmm^ 

[0 17 7] tCfcSfctaci:'?, a-^T^-bX 
ft, lo©^*;l/©n>T>y*Wl^tt?[i^ 

T'&So 

[o 1 7 8] 4*, *»iti±ao*jswKiB£«n* 

feO"p{ift<, tfflAtf, raVrWOfUfflfct* 14 ©IB 

ipjfflts«^Eaffl"ets. !#©«!£«> r 

-^ill, TCP/IPg«K:*«aM*7*^©-9- 
[0 17 9] 

£ «fc D , 7 ?*XSME©$t1f IB a-tf HSflHR 

ttgiat^ffi-psao zlx, 3.-*r®mmt7 40 

{uyT-yvzm) f s©t\ a— »f« 
tfmsrr § ^-<f 0 t'ft m t ttSfeiK 7 * * x ftffig&E 

a-lfE K 7 *f * attfcRJTT 5 £ ^Rlftg t ft 0 , 
Bf^ik b fc n y r > 7 *a— If « fc fflST 5 mm < 

ftSo 

[Brief Description of the Drawings] 
[Figure 1] *mmmmmmz*t'?zi 7 * 
1 <omm<Dm**t'7u vmx 

1 ©a-^^SfM©«0-e 

1 <Dmmmm%y*ri ^mx-h 
1 (D^mt^nrcayryymm 

l OB&^ftsnfcnyryy©*^ 

1 ommm^mmm-csb 
1 ottiEfficfejj-sfiyio*<aff!iT* 



&So 

[Figure 2] mm\ 

&s 0 

[Figure 3] gftffl 

£So 

[Figure 4] mm 

s 0 

[Figure 5] »j 

1 x*h% a 

[Figure 6] 

2T'&S 0 

[Figure 7] m 

3 7* So 



[Figure 9] i»i 

So 

[Figure 10] mm 1 osnEapcfcw sms©m>j? 

&So 

[Figure 11] i» 1 mmmcmmmmmx 

&So 

[Figure 12] 2 mmmm^yu 7 * gn?£ 

So 

[Figure 13] 3 © WJ©PSift 7 n -y * 0?fe 

So 

[Figure 14] mmm 4 © wj©t»7"n -y 70-es 

So 

[Figure 15] Hffi0j5©«0T?&So 

[Figure 16] ^»j5©*7°-b;HkSnrcn>'ry7© 

[Figure 17] i» 5 OflliaffljOpfflfty o 7 * 0?& 

So 

[Figure 18] £ffi0ij 5 ©1MJ©PIHft7*n 7 *0TS> 

So 

[Figure 19] mmm 5 o«/««ijohi?*5. 

[Figure 20] 6 mmmmmmxh^o 

[Figure 21] »j e mmmmz-fv *,tm*> 

So 



[Explanation of Reference Numerals] 

10 wmT~mmm 

11 HE^r-^^SK 

12 79*WrvY$jmm 

13 access ticket (EBM»r-^) 

14 79±*mm0®wm 

15 mtfb-f-y 

16 user inherent information 

17 !P£t-#£$7W7A 

18 BSEfflr-* 

19 'mr-Z 
20 ws*y^~mm 
30 mm 

31 

32 mm-fvfvh 



(19) 
33 token 

34 ayryy 

35 m7n>?yh 
38 C^y^y •ZPz-M 